CVE-2012-3427 — Incorrect Default Permissions in Redhat Jboss Enterprise Application Platform

CWE-264 CWE-276 — Incorrect Default Permissions5 documents5 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 70.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Enterprise Application Platform

Timeline

PublishedFeb 2

Latest updateMay 17

Description

EC2 Amazon Machine Image (AMI) in JBoss Enterprise Application Platform (EAP) 5.1.2 uses 755 permissions for /var/cache/jboss-ec2-eap/, which allows local users to read sensitive information such as Amazon Web Services (AWS) credentials by reading files in the directory.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDredhat/jboss_enterprise_application_platform5.1.2

🔴Vulnerability Details

GHSA

GHSA-mhvm-wr2g-3xfq: EC2 Amazon Machine Image (AMI) in JBoss Enterprise Application Platform (EAP) 5↗2022-05-17

▶

CVEList

CVE-2012-3427: EC2 Amazon Machine Image (AMI) in JBoss Enterprise Application Platform (EAP) 5↗2014-02-02

▶

📋Vendor Advisories

Red Hat

CVE-2012-3427: EC2 Amazon Machine Image (AMI) in JBoss Enterprise Application Platform (EAP) 5↗2014-02-02

▶

💬Community

Bugzilla

CVE-2012-3427 JBoss EAP 5 AMI: insecure default file permissions for /var/cache/jboss-ec2-eap↗2012-07-26

▶