
6 matches found

Veracode
added 2019/01/15 8:52 a.m. | 24 views

Information Disclosure

JBoss SX and PicketBox are vulnerable to information disclosure. The audit.log file, which stores logs containing confidential information, is world-readable. This allows a local user to read the log file and obtain sensitive information such as usernames and passwords...

CVSS 2.1 | AI score 8.3 | EPSS 0.00347
Exploits 0 | References 27 | Affected Software 76
CNVD
added 2015/02/28 12:0 a.m. | 2 views

PicketBox JBossSX Arbitrary File Execution Vulnerability

PicketBox is a Java security framework that provides developers with authentication, authorization, auditing and security mapping functions. An arbitrary file execution vulnerability exists in PicketBox JBossSX, which allows remote authenticated users to exploit the vulnerability to rea...

CVSS 3.6 | AI score 7.1 | EPSS 0.00799
Exploits 0 | References 1
NVD
added 2014/11/17 10:59 p.m. | 32 views

CVE-2014-0059

JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform EAP before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file...

CVSS 2.1 | AI score 5.6 | EPSS 0.00347
Exploits 0 | References 6
RedHat Linux
added 2014/05/28 12:1 a.m. | 4 views

JBossSX/PicketBox: World readable audit.log file

It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in t...

CVSS 2.1 | AI score 5.7 | EPSS 0.00347
Exploits 0 | References 4
RedHat Linux
added 2014/05/27 11:50 p.m. | 5 views

JBossSX/PicketBox: World readable audit.log file

It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in t...

CVSS 2.1 | AI score 5.7 | EPSS 0.00347
Exploits 0 | References 4
RedHat Linux
added 2014/03/31 4:47 p.m. | 4 views

PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application

It was identified that PicketBox/JBossSX allowed any deployed application to alter or read the underlying application server configuration and state without any authorization checks. An attacker able to deploy applications could use this flaw to circumvent security constraints applied to other...

CVSS 3.6 | AI score 6 | EPSS 0.00799
Exploits 0 | References 4