JBoss SX and PicketBox are vulnerable to information disclosure. The audit.log file, which stores logs containing confidential information, is world-readable. This allows a local user to read the log file and obtain sensitive information such as usernames and passwords.
rhn.redhat.com/errata/RHSA-2014-0563.html
rhn.redhat.com/errata/RHSA-2014-0564.html
rhn.redhat.com/errata/RHSA-2014-0565.html
rhn.redhat.com/errata/RHSA-2015-0675.html
rhn.redhat.com/errata/RHSA-2015-0850.html
rhn.redhat.com/errata/RHSA-2015-0851.html
access.redhat.com/security/updates/classification/#low
access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/6.2/html-single/6.2.3_Release_Notes/index.html
bugzilla.redhat.com/show_bug.cgi?id=1079995
bugzilla.redhat.com/show_bug.cgi?id=1080087
bugzilla.redhat.com/show_bug.cgi?id=1088633
bugzilla.redhat.com/show_bug.cgi?id=1088635
bugzilla.redhat.com/show_bug.cgi?id=1088638
bugzilla.redhat.com/show_bug.cgi?id=1088643
bugzilla.redhat.com/show_bug.cgi?id=1088991
bugzilla.redhat.com/show_bug.cgi?id=1090194
bugzilla.redhat.com/show_bug.cgi?id=1090197
bugzilla.redhat.com/show_bug.cgi?id=1090199
bugzilla.redhat.com/show_bug.cgi?id=1090950
bugzilla.redhat.com/show_bug.cgi?id=1091435