// For flags

CVE-2014-0248

Seam: RCE via unsafe logging in AuthenticationFilter

Severity Score

6.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging.

org.jboss.seam.web.AuthenticationFilter en Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0 y JBoss Enterprise Web Platform (JBEWP) 5.2.0 permite a atacantes remotos ejecutar código arbitrario a través de una cabecera de autenticación manipulada, relacionado con el registro Seam.

It was found that the org.jboss.seam.web.AuthenticationFilter class implementation did not properly use Seam logging. A remote attacker could send specially crafted authentication headers to an application, which could result in arbitrary code execution with the privileges of the user running that application.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2013-12-03 CVE Reserved
  • 2014-06-24 CVE Published
  • 2024-01-01 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Redhat
Search vendor "Redhat"
Jboss Enterprise Application Platform
Search vendor "Redhat" for product "Jboss Enterprise Application Platform"
5.2.0
Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "5.2.0"
-
Affected
Redhat
Search vendor "Redhat"
Jboss Enterprise Web Platform
Search vendor "Redhat" for product "Jboss Enterprise Web Platform"
5.2.0
Search vendor "Redhat" for product "Jboss Enterprise Web Platform" and version "5.2.0"
-
Affected
Redhat
Search vendor "Redhat"
Jboss Web Framework Kit
Search vendor "Redhat" for product "Jboss Web Framework Kit"
2.5.0
Search vendor "Redhat" for product "Jboss Web Framework Kit" and version "2.5.0"
-
Affected