Описание
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss Data Grid 6 | picketbox | Affected | ||
| Red Hat JBoss Enterprise Web Server 1 | eap-5 | Not affected | ||
| Red Hat JBoss Portal 6 | picketbox | Affected | ||
| Red Hat JBoss Data Grid 6.2 | Fixed | RHSA-2014:0029 | 15.01.2014 | |
| Red Hat JBoss Enterprise Application Platform 6.1 | Fixed | RHSA-2013:1209 | 04.09.2013 | |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | apache-commons-beanutils | Fixed | RHSA-2013:1207 | 04.09.2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | apache-commons-daemon-jsvc-eap6 | Fixed | RHSA-2013:1207 | 04.09.2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | apache-cxf | Fixed | RHSA-2013:1207 | 04.09.2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | apache-cxf-xjc-utils | Fixed | RHSA-2013:1207 | 04.09.2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | hibernate4 | Fixed | RHSA-2013:1207 | 04.09.2013 |
Показывать по
10
Дополнительная информация
Статус:
Low
https://bugzilla.redhat.com/show_bug.cgi?id=948106PicketBox: Insecure storage of masked passwords
EPSS
Процентиль: 15%
0.00049
Низкий
1.7 Low
CVSS2
Связанные уязвимости
nvd
больше 12 лет назад
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.
github
больше 3 лет назад
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.
EPSS
Процентиль: 15%
0.00049
Низкий
1.7 Low
CVSS2