PT-2013-2163 · Red Hat · JBoss Enterprise Web Platform+1

Published 2013-02-05 · Updated 2017-08-29 · CVE-2013-0218

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) versions 5.1.2 through 5.2.0

Description: The issue concerns the GUI installer in JBoss EAP and EWP, which uses world-readable permissions for the auto-install XML file. This allows local users to read the file and obtain sensitive information, including the administrator password and another password.

Recommendations: For versions 5.1.2 through 5.2.0, consider changing the permissions of the auto-install XML file to prevent unauthorized access until a fix is available. As a temporary workaround, restrict local access to the system to minimize the risk of exploitation.
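One way to carry out the permission change recommended above, as an added example that is not part of the original advisory or any Red Hat tooling. The function names and the `FIX` variable are hypothetical, and the path of the auto-install XML file is an assumption: the advisory does not name it, so it is passed in by the administrator.

```shell
#!/bin/sh
# Added example: audit the installer's auto-install XML file(s) for the
# world-readable mode described in the advisory and optionally restrict them.
# Assumption: the caller supplies the file path(s); the advisory names none.

# Succeeds if $1 is a regular file with the "other" read bit (0004) set.
is_world_readable() {
    [ -n "$(find "$1" -prune -type f -perm -0004 -print 2>/dev/null)" ]
}

# Audits every file given as an argument.
# With FIX=1 in the environment, exposed files are set to owner-only (0600).
# Exit status = number of files that are still world-readable afterwards.
audit_auto_install_xml() {
    exposed=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            printf 'missing: %s\n' "$f"
        elif is_world_readable "$f"; then
            if [ "${FIX:-0}" = 1 ] && chmod 600 "$f"; then
                printf 'fixed:   %s (now owner read/write only)\n' "$f"
            else
                printf 'EXPOSED: %s (readable by all local users)\n' "$f"
                exposed=$((exposed + 1))
            fi
        else
            printf 'ok:      %s\n' "$f"
        fi
    done
    return "$exposed"
}
```

Call it as `audit_auto_install_xml <file>` to report only, or with `FIX=1` set to restrict the file. Restricting the mode does not undo any read that took place while the file was world-readable.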

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2013-0218

Affected Products

Red Hat JBoss Enterprise Application Platform
JBoss Enterprise Web Platform