
exploitDog


CVE-2015-3201

Published: 20 May 2015
Source: redhat
CVSS2: 2.1
EPSS: Low

Description

Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file.

It was discovered that the Thermostat web application stored database authentication credentials in a world-readable configuration file. A local user on a system running the Thermostat web application could use this flaw to access and modify monitored JVM data, or perform actions on connected JVMs.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Software Collections | thermostat1-thermostat | Affected | | |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | thermostat1 | Fixed | RHSA-2015:1052 | 04.06.2015 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | thermostat1-apache-commons-fileupload | Fixed | RHSA-2015:1052 | 04.06.2015 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | thermostat1-jcommon | Fixed | RHSA-2015:1052 | 04.06.2015 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | thermostat1-jfreechart | Fixed | RHSA-2015:1052 | 04.06.2015 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | thermostat1-jline2 | Fixed | RHSA-2015:1052 | 04.06.2015 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | thermostat1-netty | Fixed | RHSA-2015:1052 | 04.06.2015 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | thermostat1-thermostat | Fixed | RHSA-2015:1052 | 04.06.2015 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS | thermostat1 | Fixed | RHSA-2015:1052 | 04.06.2015 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS | thermostat1-apache-commons-fileupload | Fixed | RHSA-2015:1052 | 04.06.2015 |


Additional information

Status: Moderate
Defect: CWE-732
Defect: CWE-522
https://bugzilla.redhat.com/show_bug.cgi?id=1221989 thermostat: world-readable configuration file containing credentials

EPSS

Percentile: 15%
0.00048
Low

CVSS2

2.1 Low

Related vulnerabilities

nvd
more than 10 years ago

Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file.

github
more than 3 years ago

Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file.
