CVE-2014-0058

Опубликовано: 24 фев. 2014

Источник: redhat

CVSS2: 1.9

EPSS Низкий

Описание

The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files.

It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain application or server authentication credentials.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat JBoss Enterprise Application Platform 5	audit	Not affected
Red Hat JBoss Operations Network 3	eap	Affected
Red Hat JBoss BPMS 6.0	eap	Fixed	RHSA-2014:1291	23.09.2014
Red Hat JBoss BRMS 6.0	eap	Fixed	RHSA-2014:1290	23.09.2014
Red Hat JBoss Data Grid 6.3	eap	Fixed	RHSA-2014:0895	16.07.2014
Red Hat JBoss Data Virtualization 6.0	eap	Fixed	RHSA-2015:0034	12.01.2015
Red Hat JBoss Enterprise Application Platform 6.2		Fixed	RHSA-2014:0205	24.02.2014
Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5	jboss-as-web	Fixed	RHSA-2014:0204	24.02.2014
Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6	jboss-as-web	Fixed	RHSA-2014:0204	24.02.2014
Red Hat JBoss Fuse Service Works 6.0	eap	Fixed	RHSA-2014:1995	15.12.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

https://bugzilla.redhat.com/show_bug.cgi?id=1063641EAP6: Plain text password logging during security audit

EPSS

Процентиль: 19%

0.00061

Низкий

1.9 Low

CVSS2

Связанные уязвимости

CVE-2014-0058

nvd

почти 12 лет назад

GHSA-42c9-mw7r-66f3

github