Lucene search
HistoryNov 17, 2014 - 10:59 p.m.
CVE-2014-0059
cve-2014-0059
jboss
red hat
picketbox
information security
audit log
nvd
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
8.2 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file.
Affected configurations
Node
redhatjboss_enterprise_application_platformRange≤6.2.2
| CPE | Name | Operator | Version |
|---|---|---|---|
| redhat:jboss_enterprise_application_platform | redhat jboss enterprise application platform | le | 6.2.2 |
Related
redhat
redhat
(RHSA-2014:0895) Moderate: Red Hat JBoss Data Grid 6.3.0 update
2014-07-16 17:02:12
nessus
nessus
RHEL 6 : JBoss EAP (RHSA-2014:0563)
2014-05-28 00:00:00
RHEL 5 : JBoss EAP (RHSA-2014:0564)
2014-05-28 00:00:00
nvd
nvd
CVE-2014-0059
2014-11-17 22:59:02
veracode
veracode
Information Disclosure
2019-01-15 08:52:04
prion
prion
Design/Logic Flaw
2014-11-17 22:59:00
cvelist
cvelist
CVE-2014-0059
2014-11-17 22:00:00
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
8.2 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2014-0059