Описание
The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file.
The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2013-0218
- https://bugzilla.redhat.com/show_bug.cgi?id=903073
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81725
- http://rhn.redhat.com/errata/RHSA-2013-0206.html
- http://rhn.redhat.com/errata/RHSA-2013-0207.html
- http://rhn.redhat.com/errata/RHSA-2013-0833.html
- http://secunia.com/advisories/52041
- http://www.osvdb.org/89698
- http://www.securityfocus.com/bid/57652
Связанные уязвимости
The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file.
The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file.
The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file.
The GUI installer in JBoss Enterprise Application Platform (EAP) and E ...