#VU42006 Cryptographic issues in JBoss Enterprise Application Platform - CVE-2014-0058 

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Vulnerabilities #VU42006

#VU42006 Cryptographic issues in JBoss Enterprise Application Platform - CVE-2014-0058

Published: February 26, 2014 / Updated: August 10, 2020


Vulnerability identifier: #VU42006
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2014-0058
CWE-ID: CWE-310
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
JBoss Enterprise Application Platform
Software vendor:
Red Hat Inc.

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files.


Remediation

Install update from vendor's website.

External links