CVE-2014-0248
Seam: RCE via unsafe logging in AuthenticationFilter
- Public Exploits: 0
- Exploited in Wild: -
- Decision: -
Descriptions
org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging.
It was found that the org.jboss.seam.web.AuthenticationFilter class implementation did not properly use Seam logging. A remote attacker could send specially crafted authentication headers to an application, which could result in arbitrary code execution with the privileges of the user running that application.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2013-12-03 CVE Reserved
- 2014-06-24 CVE Published
- 2024-01-01 EPSS Updated
- 2024-08-06 CVE Updated
- (no date) Exploited in Wild
- (no date) KEV Due Date
- (no date) First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (12)

URL | Tag | Source |
---|---|---|
http://secunia.com/advisories/59346 | Third Party Advisory | |
http://secunia.com/advisories/59554 | Third Party Advisory | |
http://secunia.com/advisories/59555 | Third Party Advisory | |
http://www.securitytracker.com/id/1030457 | VDB Entry | |

URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2014-0785.html | 2023-02-13 | |
http://rhn.redhat.com/errata/RHSA-2014-0791.html | 2023-02-13 | |
http://rhn.redhat.com/errata/RHSA-2014-0792.html | 2023-02-13 | |
http://rhn.redhat.com/errata/RHSA-2014-0793.html | 2023-02-13 | |
http://rhn.redhat.com/errata/RHSA-2014-0794.html | 2023-02-13 | |
http://rhn.redhat.com/errata/RHSA-2015-1888.html | 2023-02-13 | |
https://access.redhat.com/security/cve/CVE-2014-0248 | 2015-10-12 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1101619 | 2015-10-12 | |
Affected Vendors, Products, and Versions

Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Redhat | Jboss Enterprise Application Platform | 5.2.0 | - | Affected |
Redhat | Jboss Enterprise Web Platform | 5.2.0 | - | Affected |
Redhat | Jboss Web Framework Kit | 2.5.0 | - | Affected |