CVE-2014-0248: Code Injection
First published: Tue May 27 2014(Updated: )
It was found that org.jboss.seam.web.AuthenticationFilter class implementation used seam logging in an unsafe manner. A remote attacker could exploit this issue in order to gain arbitrary code execution by providing specifically crafted authentication headers.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| JBoss Enterprise Application Platform | =5.2.0 | |
| Red Hat JBoss Enterprise Web Platform | =5.2.0 | |
| Red Hat JBoss Web Framework Kit | =2.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://rhn.redhat.com/errata/RHSA-2014-0785.html
- https://rhn.redhat.com/errata/RHSA-2014-0794.html
- https://rhn.redhat.com/errata/RHSA-2014-0791.html
- https://rhn.redhat.com/errata/RHSA-2014-0793.html
- https://rhn.redhat.com/errata/RHSA-2014-0792.html
- https://rhn.redhat.com/errata/RHSA-2015-1888.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1101619
- http://rhn.redhat.com/errata/RHSA-2014-0785.html
- http://rhn.redhat.com/errata/RHSA-2014-0791.html
- http://rhn.redhat.com/errata/RHSA-2014-0792.html
- http://rhn.redhat.com/errata/RHSA-2014-0793.html
- http://rhn.redhat.com/errata/RHSA-2014-0794.html
- http://rhn.redhat.com/errata/RHSA-2015-1888.html
- http://secunia.com/advisories/59346
- http://secunia.com/advisories/59554
- http://secunia.com/advisories/59555
- http://www.securitytracker.com/id/1030457
Frequently Asked Questions
What is the severity of CVE-2014-0248?
CVE-2014-0248 is classified as a critical vulnerability due to its potential for remote code execution.
How do I fix CVE-2014-0248?
To fix CVE-2014-0248, upgrade to the latest patched version of Red Hat JBoss Enterprise Application Platform, JBoss Enterprise Web Platform, or JBoss Web Framework Kit.
Who is affected by CVE-2014-0248?
CVE-2014-0248 affects users of Red Hat JBoss Enterprise Application Platform version 5.2.0, JBoss Enterprise Web Platform version 5.2.0, and JBoss Web Framework Kit version 2.5.0.
What kind of attack can exploit CVE-2014-0248?
CVE-2014-0248 can be exploited by remote attackers who send specially crafted authentication headers to execute arbitrary code.
When was CVE-2014-0248 disclosed?
CVE-2014-0248 was disclosed in 2014, drawing attention to its security impact on affected systems.
- collector/redhat-bugzilla
- alias/CVE-2014-0248
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/jboss enterprise application platform
- version/jboss enterprise application platform/5.2.0
- canonical/red hat jboss enterprise web platform
- version/red hat jboss enterprise web platform/5.2.0
- canonical/red hat jboss web framework kit
- version/red hat jboss web framework kit/2.5.0