Description
The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6.4.0 and WildFly (formerly JBoss Application Server) uses weak permissions for .jboss-cli-history, which allows local users to obtain sensitive information via unspecified vectors.
It was found that the Command Line Interface, as provided by Red Hat Enterprise Application Platform, created a history file named .jboss-cli-history in the user's home directory with insecure default file permissions. This could allow a malicious local user to gain information otherwise not accessible to them.
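A defender's check for the condition described above, as an added example that is not part of the advisory or of Red Hat's tooling: it lists every .jboss-cli-history that grants any group or other permission bit and can restrict those files to their owner. The function names, the /home default and the depth limit (one history file directly inside each home directory) are assumptions.

```shell
#!/bin/sh
# Added example: audit JBoss/WildFly CLI history files for weak permissions.
# Assumption: home directories live directly under the given root (default /home).

# Print each .jboss-cli-history that is readable, writable or executable
# by group or other (any bit in mode 077 set).
find_exposed_history() {
    root=${1:-/home}
    find "$root" -maxdepth 2 -type f -name .jboss-cli-history \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) \
        -print 2>/dev/null
}

# Restrict every exposed history file to its owner (mode 0600).
# Prints the number of files that were changed.
fix_exposed_history() {
    root=${1:-/home}
    find_exposed_history "$root" | {
        count=0
        while IFS= read -r f; do
            # Only count files whose mode was actually tightened.
            chmod 600 -- "$f" && count=$((count + 1))
        done
        echo "$count"
    }
}

# Typical use (run with enough privilege to read every home directory):
#   find_exposed_history /home
#   fix_exposed_history /home
```

Tightening the mode only covers files that already exist; the fixed packages listed below address how the file is created.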
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat JBoss Data Grid 6 | jboss-as-cli | Affected | | |
| Red Hat JBoss Enterprise Web Server 1 | others | Not affected | | |
| Red Hat JBoss Operations Network 3 | jboss-as-cli | Affected | | |
| Red Hat JBoss Enterprise Application Platform 6.4 | | Fixed | RHSA-2015:0849 | 16.04.2015 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | apache-commons-cli-eap6 | Fixed | RHSA-2015:0846 | 16.04.2015 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | apache-commons-codec-eap6 | Fixed | RHSA-2015:0846 | 16.04.2015 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | apache-commons-configuration-eap6 | Fixed | RHSA-2015:0846 | 16.04.2015 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | apache-commons-daemon-eap6 | Fixed | RHSA-2015:0846 | 16.04.2015 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | apache-commons-io-eap6 | Fixed | RHSA-2015:0846 | 16.04.2015 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | apache-commons-lang-eap6 | Fixed | RHSA-2015:0846 | 16.04.2015 |
Additional information
Status:
EPSS
CVSS2: 2.1 Low