CVE-2014-0058
low
CVSS v3
—
CVSS v2
1.9
VIR risk
1.9
Description
The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert@redhat.com — http://rhn.redhat.com/errata/RHSA-2015-0034.html
Vendor advisory: secalert@redhat.com — http://rhn.redhat.com/errata/RHSA-2014-0205.html
Vendor advisory: secalert@redhat.com — http://rhn.redhat.com/errata/RHSA-2014-0204.html
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| redhat | jboss_enterprise_application_platform | 6.0.0 | |
| redhat | jboss_enterprise_application_platform | 6.0.1 | |
| redhat | jboss_enterprise_application_platform | 6.1.0 | |
| redhat | jboss_enterprise_application_platform | 6.2.0 | |
References
- http://rhn.redhat.com/errata/RHSA-2014-0204.html
- http://rhn.redhat.com/errata/RHSA-2014-0205.html
- http://rhn.redhat.com/errata/RHSA-2015-0034.html
- http://www.securityfocus.com/bid/65762
- http://rhn.redhat.com/errata/RHSA-2014-0204.html
- http://rhn.redhat.com/errata/RHSA-2014-0205.html
- http://rhn.redhat.com/errata/RHSA-2015-0034.html
- http://www.securityfocus.com/bid/65762
CWEs
CWE-310
Verify integrity in audit chain (admin only). AS-IS.