jboss-seam2 is vulnerable to remote code execution (RCE) attacks. The vulnerability exists as org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging.
rhn.redhat.com/errata/RHSA-2014-0785.html
rhn.redhat.com/errata/RHSA-2014-0791.html
rhn.redhat.com/errata/RHSA-2014-0792.html
rhn.redhat.com/errata/RHSA-2014-0793.html
rhn.redhat.com/errata/RHSA-2014-0794.html
rhn.redhat.com/errata/RHSA-2015-1888.html
secunia.com/advisories/59346
secunia.com/advisories/59554
secunia.com/advisories/59555
www.securitytracker.com/id/1030457
access.redhat.com/errata/RHSA-2014:0785
access.redhat.com/errata/RHSA-2014:0792
access.redhat.com/errata/RHSA-2014:0793
access.redhat.com/errata/RHSA-2014:0794
access.redhat.com/errata/RHSA-2015:1888
access.redhat.com/security/cve/CVE-2014-0248
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1101619
rhn.redhat.com/errata/RHSA-2014-0792.html