RCE in Redhat Jboss_enterprise_application_platform

CVE-2014-0248

org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.023 (85.2th percentile) — read the EPSS interpretation.

Affected products

Redhat Jboss_enterprise_application_platform — versions 5.2.0
Redhat Jboss_enterprise_web_platform — versions 5.2.0
Redhat Jboss_web_framework_kit — versions 2.5.0
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

59554 (x_refsource_SECUNIA, third-party-advisory)
59555 (x_refsource_SECUNIA, third-party-advisory)
59346 (x_refsource_SECUNIA, third-party-advisory)
RHSA-2015:1888 (x_refsource_REDHAT, vendor-advisory)
RHSA-2014:0793 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
1030457 (vdb-entry, x_refsource_SECTRACK)
RHSA-2014:0785 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2014:0791 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2014:0792 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2014:0794 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)