org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging.
History
13 Feb 2023, 00:38
Type | Values Removed | Values Added |
---|---|---|
Summary | org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging. | |
References | | |
02 Feb 2023, 20:16
Type | Values Removed | Values Added |
---|---|---|
References | | |
Summary | It was found that the org.jboss.seam.web.AuthenticationFilter class implementation did not properly use Seam logging. A remote attacker could send specially crafted authentication headers to an application, which could result in arbitrary code execution with the privileges of the user running that application. |
Information
Published : 2014-07-07 14:55
Updated : 2023-12-10 11:31
NVD link : CVE-2014-0248
Mitre link : CVE-2014-0248
CVE.ORG link : CVE-2014-0248
Products Affected
redhat
- jboss_enterprise_web_platform
- jboss_web_framework_kit
- jboss_enterprise_application_platform
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')