It was found that the org.jboss.seam.web.AuthenticationFilter class implementation did not properly use Seam logging. A remote attacker could send specially crafted authentication headers to an application, which could result in arbitrary code execution with the privileges of the user running that application.
Find out more about CVE-2014-0248 from the MITRE CVE dictionary dictionary and NIST NVD.
Base Score | 6.8 |
---|---|
Base Metrics | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Access Vector | Network |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | Partial |
Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Platform | Errata | Release Date |
---|---|---|
Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS (jboss-seam2) | RHSA-2014:0793 | 2014-06-25 |
Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server (jboss-seam2) | RHSA-2014:0793 | 2014-06-25 |
Red Hat JBoss Web Platform 5 for RHEL 6 Server (jboss-seam2) | RHSA-2014:0792 | 2014-06-25 |
Red Hat JBoss Web Platform 5 for RHEL 4 AS (jboss-seam2) | RHSA-2014:0792 | 2014-06-25 |
Red Hat JBoss Web Platform 5 for RHEL 5 Server (jboss-seam2) | RHSA-2014:0792 | 2014-06-25 |
Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server (jboss-seam2) | RHSA-2014:0793 | 2014-06-25 |
Platform | Package | State |
---|---|---|
Red Hat JBoss Portal Platform 6 | seam | Not affected |
Red Hat JBoss Portal 5 | seam | Affected |
Red Hat JBoss Operations Network 3 | seam | Not affected |
Red Hat JBoss Fuse Service Works 6 | seam | Not affected |
Red Hat JBoss Enterprise SOA Platform 5 | seam | Affected |
Red Hat JBoss Enterprise SOA Platform 4 | seam | Will not fix |
Red Hat JBoss EAP 6 | seam | Not affected |
Red Hat JBoss EAP 5 | seam | Affected |
Red Hat JBoss Data Virtualization 6 | seam | Not affected |
Red Hat JBoss BRMS 6 | seam | Not affected |
Red Hat JBoss BRMS 5 | seam | Will not fix |
Red Hat JBoss BPMS 6 | seam | Not affected |