AMI: insecure default file permissions for /var/cache/jboss-ec2-eap

EC2 Amazon Machine Image AMI in JBoss Enterprise Application Platform EAP 5.1.2 uses 755 permissions for /var/cache/jboss-ec2-eap/, which allows local users to read sensitive information such as Amazon Web Services AWS credentials by reading files in the directory...

Low: Red Hat Security Advisory: jbosscache security update

An update for JBoss Enterprise Application Platform 5.1.2 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

JBoss Cache 'NonManagedConnectionFactory.java'本地信息泄露漏洞

Bugtraq ID: 51392 CVE ID：CVE-2012-0034 JBoss Cache是针对Java应用的企业级集群解决方案，其目的是通过缓存需要频繁访问的Java对象，提高应用的可用性并大幅度提升应用的整体性能。 JBoss Cache存在安全漏洞，允许本地用户获得敏感信息。 当连接失败时，"getConnection"函数jboss/cache/loader/NonManagedConnectionFactory.java会把用户名和密码记录到日志文件中，本地攻击者可以访问日志信息获得敏感验证信息。 0 JBoss Cache 3.2.8.GA 厂商解决方案...