CVE-2014-0248

Red Hat JBoss Web Framework Kit/JBEAP/JBEWP <5.2.0 - RCE

Title source: llm
STIX 2.1

Description

org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging.

References (10)

Core 10
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59554
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59555
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59346
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1888.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0793.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1030457
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0785.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0791.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0792.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0794.html

Scores

EPSS 0.0351
EPSS Percentile 87.8%

Details

CWE
CWE-94
Status published
Products (3)
redhat/jboss_enterprise_application_platform 5.2.0
redhat/jboss_enterprise_web_platform 5.2.0
redhat/jboss_web_framework_kit 2.5.0
Published Jul 07, 2014
Tracked Since Feb 18, 2026