Описание
org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging.
It was found that the org.jboss.seam.web.AuthenticationFilter class implementation did not properly use Seam logging. A remote attacker could send specially crafted authentication headers to an application, which could result in arbitrary code execution with the privileges of the user running that application.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat BPM Suite 6 | seam | Not affected | ||
| Red Hat JBoss BRMS 5 | seam | Will not fix | ||
| Red Hat JBoss BRMS 6 | seam | Not affected | ||
| Red Hat JBoss Data Virtualization 6 | seam | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 6 | seam | Not affected | ||
| Red Hat JBoss Fuse Service Works 6 | seam | Not affected | ||
| Red Hat JBoss Operations Network 3 | seam | Not affected | ||
| Red Hat JBoss Portal 5 | seam | Affected | ||
| Red Hat JBoss Portal 6 | seam | Not affected | ||
| Red Hat JBoss SOA Platform 4 | seam | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging.
org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging.
EPSS
6.8 Medium
CVSS2