PT-2014-3554 · Red Hat · Red Hat Jboss Web Framework Kit+2
Published
2014-07-07
·
Updated
2023-02-13
·
CVE-2014-0248
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Red Hat JBoss Web Framework Kit version 2.5.0
JBoss Enterprise Application Platform (JBEAP) version 5.2.0
JBoss Enterprise Web Platform (JBEWP) version 5.2.0
Description
The issue allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging.
Recommendations
For Red Hat JBoss Web Framework Kit version 2.5.0, update to a version that fixes the issue with org.jboss.seam.web.AuthenticationFilter.
For JBoss Enterprise Application Platform (JBEAP) version 5.2.0, update to a version that fixes the issue with org.jboss.seam.web.AuthenticationFilter.
For JBoss Enterprise Web Platform (JBEWP) version 5.2.0, update to a version that fixes the issue with org.jboss.seam.web.AuthenticationFilter.
Fix
RCE
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat Jboss Enterprise Application Platform
Jboss Enterprise Web Platform
Red Hat Jboss Web Framework Kit