CVE-2014-0059

Loading...

General

Score:2.1/10.0
Severity:Low
Category:Information Leak / Disclosure

Impact Metrics

Confidentiality:Partial
Integrity:None
Availability:None

Exploitability Metrics

Access Vector:Local
Access Complexity:Low
Authentication:None

Published on 17/11/14 - Updated on 01/10/16

Description

JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file.

Category: Information Leak / Disclosure

CWE-200 (Information Exposure)
An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

Security Notices

US National Vulnerability DatabaseCVE-2014-0059

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
redhatjboss_enterprise_application_platform

Share this vulnerability with:

Twitter Facebook LinkedIn Mail