PT-2013-2163 · Red Hat · Jboss Enterprise Web Platform+1

Published 2013-02-05 · Updated 2017-08-29 · CVE-2013-0218

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) versions 5.1.2 through 5.2.0

Description: The issue concerns the GUI installer in JBoss EAP and EWP, which uses world-readable permissions for the auto-install XML file. This allows local users to read the file and obtain sensitive information, including the administrator password and another password.

Recommendations: For versions 5.1.2 through 5.2.0, consider changing the permissions of the auto-install XML file to prevent unauthorized access until a fix is available. As a temporary workaround, restrict local access to the system to minimize the risk of exploitation.
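
One way to apply the permission change recommended above, as an added example that is not part of the advisory or of Red Hat's fix. The advisory does not name the file, so the script assumes the caller passes the directory to scan and that the auto-install file is a `*.xml` file containing the string "password".

```shell
#!/bin/sh
# Added example (not from the advisory): audit installer output for
# world-readable XML files that contain password fields, then lock them down.
# Assumptions: the directory to scan is passed by the caller, and the
# auto-install file is a *.xml file containing the string "password".

# Print world-readable (mode bit 004) XML files under $1 that mention a password.
list_exposed_xml() {
    find "$1" -type f -name '*.xml' -perm -004 \
        -exec grep -il 'password' {} +
}

# Number of exposed files under $1; 0 means nothing is left to fix.
count_exposed_xml() {
    list_exposed_xml "$1" | wc -l | tr -d ' '
}

# Remove all group and other access from each exposed file under $1.
restrict_exposed_xml() {
    list_exposed_xml "$1" | while IFS= read -r f; do
        chmod go-rwx "$f" && printf 'restricted: %s\n' "$f"
    done
}

# Run as a script: sh audit.sh /path/to/install/dir
if [ "$#" -ge 1 ]; then
    printf 'exposed before: %s\n' "$(count_exposed_xml "$1")"
    restrict_exposed_xml "$1"
    printf 'exposed after: %s\n' "$(count_exposed_xml "$1")"
fi
```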

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2013-0218

Affected Products

Red Hat Jboss Enterprise Application Platform
Jboss Enterprise Web Platform