CVE-2014-0248 Information

Description

org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0 JBoss Enterprise Application Platform (JBEAP) 5.2.0 and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header related to Seam logging.

Reference

http://rhn.redhat.com/errata/RHSA-2014-0785.html http://rhn.redhat.com/errata/RHSA-2014-0791.html http://rhn.redhat.com/errata/RHSA-2014-0792.html http://rhn.redhat.com/errata/RHSA-2014-0793.html http://rhn.redhat.com/errata/RHSA-2014-0794.html http://rhn.redhat.com/errata/RHSA-2015-1888.html http://secunia.com/advisories/59346 http://secunia.com/advisories/59554 http://secunia.com/advisories/59555 http://www.securitytracker.com/id/1030457