CVE-2014-0248

Опубликовано: 07 июл. 2014

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging.

Ссылки

http://rhn.redhat.com/errata/RHSA-2014-0785.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2014-0791.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2014-0792.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2014-0793.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2014-0794.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-1888.html
http://secunia.com/advisories/59346
http://secunia.com/advisories/59554
http://secunia.com/advisories/59555
http://www.securitytracker.com/id/1030457
http://rhn.redhat.com/errata/RHSA-2014-0785.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2014-0791.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2014-0792.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2014-0793.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2014-0794.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-1888.html
http://secunia.com/advisories/59346
http://secunia.com/advisories/59554
http://secunia.com/advisories/59555
http://www.securitytracker.com/id/1030457

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:jboss_web_framework_kit:2.5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02348

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-94

Связанные уязвимости

CVE-2014-0248

redhat

больше 11 лет назад

GHSA-q9w9-gcjg-v636

github

больше 3 лет назад