Red Hat Security Advisory 2014-0785-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. Seam is an open source development platform for building rich Internet applications in Java. Seam integrates technologies such as Asynchronous JavaScript and XML, JavaServer Faces, Java Persistence API, and Enterprise Java Beans. Seam 2.3 provides support for JSF 2, RichFaces 4, and JPA 2 capabilities, running on top of Red Hat JBoss Enterprise Application Platform 6. It was found that the org.jboss.seam.web.AuthenticationFilter class implementation did not properly use Seam logging. A remote attacker could send specially crafted authentication headers to an application, which could result in arbitrary code execution with the privileges of the user running that application.
06ffa563b022f7b57fa8a4d45d3f1578fddfa7ff5c60e99cce20af00025ce177