Main Vulnerability Database Vulnerabilities #VU42006

#VU42006 Cryptographic issues in JBoss Enterprise Application Platform - CVE-2014-0058

Published: February 26, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU42006

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2014-0058

CWE-ID: CWE-310

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
JBoss Enterprise Application Platform

Software vendor:
Red Hat Inc.

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files.

Remediation

Install update from vendor's website.

External links

http://rhn.redhat.com/errata/RHSA-2014-0204.html
http://rhn.redhat.com/errata/RHSA-2014-0205.html
http://rhn.redhat.com/errata/RHSA-2015-0034.html
http://www.securityfocus.com/bid/65762

#VU42006 Cryptographic issues in JBoss Enterprise Application Platform - CVE-2014-0058

Description

Remediation

External links

Please verify you're human