Remote Code Execution (RCE)

2019-01-1508:54:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.086 Low

EPSS

Percentile

94.5%

JSON

jboss-seam2 is vulnerable to remote code execution (RCE) attacks. The vulnerability exists as org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging.

CPENameOperatorVersion
jboss-seam2eq2.0.2.FP_SEC1__1.ep2.6.el4
jboss-seam2eq2.2.5.EAP5__6.ep5.el4
jboss-seam2eq2.2.4.EAP5__3.ep5.el4
jboss-seam2eq2.2.2.EAP__17.el4_8
jboss-seam2eq2.2.4.EAP5__3.ep5.el6
jboss-seam2eq2.2.6.EAP5__14.ep5.el6
jboss-seam2eq2.0.2.FP_SEC1__1.ep2.4.el4
jboss-seam2eq2.2.6.EAP5__10.ep5.el5
jboss-seam2eq2.0.2.FP_SEC1__1.ep2.7.el5
jboss-seam2eq2.0.2.FP__1.ep1.27.el5

Name	Operator	Version
jboss-seam2	eq	2.0.2.FP_SEC1__1.ep2.6.el4
jboss-seam2	eq	2.2.5.EAP5__6.ep5.el4
jboss-seam2	eq	2.2.4.EAP5__3.ep5.el4
jboss-seam2	eq	2.2.2.EAP__17.el4_8
jboss-seam2	eq	2.2.4.EAP5__3.ep5.el6
jboss-seam2	eq	2.2.6.EAP5__14.ep5.el6
jboss-seam2	eq	2.0.2.FP_SEC1__1.ep2.4.el4
jboss-seam2	eq	2.2.6.EAP5__10.ep5.el5
jboss-seam2	eq	2.0.2.FP_SEC1__1.ep2.7.el5
jboss-seam2	eq	2.0.2.FP__1.ep1.27.el5