Red Hat Security Advisory 2014-0791-01 - Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. It was found that the org.jboss.seam.web.AuthenticationFilter class implementation did not properly use Seam logging. A remote attacker could send specially crafted authentication headers to an application, which could result in arbitrary code execution with the privileges of the user running that application. The CVE-2014-0248 issue was discovered by Marek Schmidt of Red Hat.
560b97d2370ca4284212130499acba95663b8d20758d8acd8e448914811060d8