CVE-2014-0248

org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_web_framework_kit:2.5.0:*:*:*:*:*:*:*

History

21 Nov 2024, 02:01

Type Values Removed Values Added
References () http://rhn.redhat.com/errata/RHSA-2014-0785.html - Vendor Advisory () http://rhn.redhat.com/errata/RHSA-2014-0785.html - Vendor Advisory
References () http://rhn.redhat.com/errata/RHSA-2014-0791.html - Vendor Advisory () http://rhn.redhat.com/errata/RHSA-2014-0791.html - Vendor Advisory
References () http://rhn.redhat.com/errata/RHSA-2014-0792.html - Vendor Advisory () http://rhn.redhat.com/errata/RHSA-2014-0792.html - Vendor Advisory
References () http://rhn.redhat.com/errata/RHSA-2014-0793.html - Vendor Advisory () http://rhn.redhat.com/errata/RHSA-2014-0793.html - Vendor Advisory
References () http://rhn.redhat.com/errata/RHSA-2014-0794.html - Vendor Advisory () http://rhn.redhat.com/errata/RHSA-2014-0794.html - Vendor Advisory
References () http://rhn.redhat.com/errata/RHSA-2015-1888.html - () http://rhn.redhat.com/errata/RHSA-2015-1888.html -
References () http://secunia.com/advisories/59346 - () http://secunia.com/advisories/59346 -
References () http://secunia.com/advisories/59554 - () http://secunia.com/advisories/59554 -
References () http://secunia.com/advisories/59555 - () http://secunia.com/advisories/59555 -
References () http://www.securitytracker.com/id/1030457 - () http://www.securitytracker.com/id/1030457 -

Information

Published : 2014-07-07 14:55

Updated : 2024-11-21 02:01


NVD link : CVE-2014-0248

Mitre link : CVE-2014-0248

CVE.ORG link : CVE-2014-0248


JSON object : View

Products Affected

redhat

  • jboss_enterprise_application_platform
  • jboss_enterprise_web_platform
  • jboss_web_framework_kit
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')