
CVE-2014-0248 – Seam: RCE via unsafe logging in AuthenticationFilter
https://notcve.org/view.php?id=CVE-2014-0248
24 Jun 2014 — org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging. • http://rhn.redhat.com/errata/RHSA-2014-0785.html • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2014-0149 – Seam: XSS flaw in remoting
https://notcve.org/view.php?id=CVE-2014-0149
02 May 2014 — Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Web Framework Kit 2.5.0 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter or (2) id name. Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. The JBoss ... • http://rhn.redhat.com/errata/RHSA-2014-0462.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-0086 – RichFaces: remote denial of service via memory exhaustion
https://notcve.org/view.php?id=CVE-2014-0086
26 Mar 2014 — The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests. • http://rhn.redhat.com/errata/RHSA-2014-0335.html • CWE-20: Improper Input Validation