Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2014-0248 Vulnerability in maven package org.jboss.seam:jboss-seam

Description

org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2014-0785.html

http://rhn.redhat.com/errata/RHSA-2014-0791.html

http://rhn.redhat.com/errata/RHSA-2014-0792.html

http://rhn.redhat.com/errata/RHSA-2014-0793.html

http://rhn.redhat.com/errata/RHSA-2014-0794.html

http://rhn.redhat.com/errata/RHSA-2015-1888.html

http://secunia.com/advisories/59346

http://secunia.com/advisories/59554

http://secunia.com/advisories/59555

http://www.securitytracker.com/id/1030457

Related Vulnerabilities

CVE-2018-1000202 Vulnerability in maven package org.jvnet.hudson.plugins:groovy-postbuild

CVE-2023-34603 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-parent

CVE-2018-8010 Vulnerability in maven package org.apache.solr:solr-core

CVE-2011-5064 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2019-1003097 Vulnerability in maven package com.ds.tools.hudson:crowd

Severity

Critical

Classification

CWE-94

Tags

Vendor Advisory