Main Vulnerability Database Vulnerabilities #VU42006

Cryptographic issues in JBoss Enterprise Application Platform - CVE-2014-0058

Published: February 26, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU42006

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2014-0058

CWE-ID: CWE-310

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Red Hat Inc.

Affected software:
JBoss Enterprise Application Platform

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files.

How to mitigate CVE-2014-0058

Install update from vendor's website.

Sources

http://rhn.redhat.com/errata/RHSA-2014-0204.html
http://rhn.redhat.com/errata/RHSA-2014-0205.html
http://rhn.redhat.com/errata/RHSA-2015-0034.html
http://www.securityfocus.com/bid/65762

Cryptographic issues in JBoss Enterprise Application Platform - CVE-2014-0058

Detailed vulnerability description

How to mitigate CVE-2014-0058

Sources

Please verify you're human