Information Disclosure
jboss-as-web is vulnerable to information disclosure attacks. The vulnerability exists as the security audit functionality in Red Hat JBoss Enterprise Application Platform EAP 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the l...