Description
org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging.
References (10)
Third Party Advisory (Secunia): http://secunia.com/advisories/59554
Third Party Advisory (Secunia): http://secunia.com/advisories/59555
Third Party Advisory (Secunia): http://secunia.com/advisories/59346
Vendor Advisory (Red Hat): http://rhn.redhat.com/errata/RHSA-2015-1888.html
Vendor Advisory (Red Hat): http://rhn.redhat.com/errata/RHSA-2014-0793.html
Third Party Advisory, VDB Entry (SecurityTracker): http://www.securitytracker.com/id/1030457
Vendor Advisory (Red Hat): http://rhn.redhat.com/errata/RHSA-2014-0785.html
Vendor Advisory (Red Hat): http://rhn.redhat.com/errata/RHSA-2014-0791.html
Vendor Advisory (Red Hat): http://rhn.redhat.com/errata/RHSA-2014-0792.html
Vendor Advisory (Red Hat): http://rhn.redhat.com/errata/RHSA-2014-0794.html
Scores
EPSS: 0.0351
EPSS Percentile: 87.8%
Details
CWE: CWE-94
Status: published
Products (3)
redhat/jboss_enterprise_application_platform 5.2.0
redhat/jboss_enterprise_web_platform 5.2.0
redhat/jboss_web_framework_kit 2.5.0
Published: Jul 07, 2014
Tracked Since: Feb 18, 2026