CVE-2014-0248 : org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform

org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging.

Published 2014-07-07 14:55:04

Updated 2023-02-13 00:38:14

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2014-0248

Probability of exploitation activity in the next 30 days: 8.59%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-0248

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2014-0248

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-0248

http://rhn.redhat.com/errata/RHSA-2014-0791.html

Red Hat Customer Portal
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2014-0793.html

RHSA-2014:0793 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2014-0792.html

RHSA-2014:0792 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
http://secunia.com/advisories/59554

Sign in
http://rhn.redhat.com/errata/RHSA-2014-0794.html

RHSA-2014:0794 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
http://www.securitytracker.com/id/1030457

Red Hat JBoss Web Framework Bug in AuthenticationFilter Lets Remote Users Execute Arbitrary Code - SecurityTracker
http://rhn.redhat.com/errata/RHSA-2015-1888.html

RHSA-2015:1888 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2014-0785.html

Red Hat Customer Portal
Vendor Advisory

Products affected by CVE-2014-0248

Redhat » Jboss Enterprise Application Platform » Version: 5.2.0
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*
Matching versions
Redhat » Jboss Enterprise Web Platform » Version: 5.2.0
cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*
Matching versions
Redhat » Jboss Web Framework Kit » Version: 2.5.0
cpe:2.3:a:redhat:jboss_web_framework_kit:2.5.0:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2014-0248

Exploit prediction scoring system (EPSS) score for CVE-2014-0248

CVSS scores for CVE-2014-0248

CWE ids for CVE-2014-0248

References for CVE-2014-0248

Products affected by CVE-2014-0248