Description
JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file.
It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in the audit.log file.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat JBoss Data Virtualization 6 | eap | Affected | ||
| Red Hat JBoss Enterprise Web Server 1 | others | Not affected | ||
| Red Hat JBoss Fuse Service Works 6 | eap | Affected | ||
| Red Hat JBoss BPMS 6.0 | eap | Fixed | RHSA-2015:0851 | 16.04.2015 |
| Red Hat JBoss BRMS 6.0 | eap | Fixed | RHSA-2015:0850 | 16.04.2015 |
| Red Hat JBoss Data Grid 6.3 | eap | Fixed | RHSA-2014:0895 | 16.07.2014 |
| Red Hat JBoss Data Virtualization 6.1 | | Fixed | RHSA-2015:0675 | 11.03.2015 |
| Red Hat JBoss Enterprise Application Platform 6.2 | | Fixed | RHSA-2014:0565 | 27.05.2014 |
| Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5 | glassfish-jsf12-eap6 | Fixed | RHSA-2014:0564 | 28.05.2014 |
| Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5 | glassfish-jsf-eap6 | Fixed | RHSA-2014:0564 | 28.05.2014 |
Additional information
Status:
EPSS
2.1 Low
CVSS2