CVE-2014-0059 — Sensitive Information Exposure in Redhat Jboss Enterprise Application Platform

CWE-200 — Sensitive Information Exposure CWE-532 — Log File Information Exposure5 documents5 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 83.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Enterprise Application Platform

Timeline

PublishedNov 17

Latest updateMay 17

Description

JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDredhat/jboss_enterprise_application_platform6.2.2

🔴Vulnerability Details

GHSA

GHSA-h9mr-9rp7-76qj: JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6↗2022-05-17

▶

CVEList

CVE-2014-0059: JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6↗2014-11-17

▶

📋Vendor Advisories

Red Hat

JBossSX/PicketBox: World readable audit.log file↗2014-05-27

▶

💬Community

Bugzilla

CVE-2014-0059 JBossSX/PicketBox: World readable audit.log file↗2014-02-11

▶