Lucene search
HistoryFeb 26, 2014 - 3:55 p.m.
CVE-2014-0058
red hat
jboss eap
security audit
plaintext logging
password exposure
nvd
cve-2014-0058
1.9 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
8.6 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files.
Affected configurations
Node
redhatjboss_enterprise_application_platformMatch6.0.0
ORredhatjboss_enterprise_application_platformMatch6.0.1
ORredhatjboss_enterprise_application_platformMatch6.1.0
ORredhatjboss_enterprise_application_platformMatch6.2.0
Related
redhat
redhat
veracode
veracode
Information Disclosure
2019-01-15 08:57:19
prion
prion
Input validation
2014-02-26 15:55:00
nvd
nvd
CVE-2014-0058
2014-02-26 15:55:08
nessus
nessus
RHEL 5 / 6 : JBoss EAP (RHSA-2014:0204)
2014-02-25 00:00:00
seebug
seebug
JBoss Enterprise Application Platformζζε―η ζ¬ε°δΏ‘ζ―ζ³ζΌζΌζ΄
2014-02-27 00:00:00
cvelist
cvelist
CVE-2014-0058
2014-02-26 15:00:00
1.9 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
8.6 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2014-0058