Information Disclosure

2019-01-1508:57:19

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.0004 Low

EPSS

Percentile

5.1%

JSON

jboss-as-web is vulnerable to information disclosure attacks. The vulnerability exists as the security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files.

CPENameOperatorVersion
jboss-as-webeq7.3.1__3.Final_redhat_3.1.ep6.el6
jboss-as-webeq7.1.2__7.Final_redhat_1.ep6.el5
jboss-as-webeq7.2.1__5.Final_redhat_10.1.ep6.el5
jboss-as-webeq7.1.3__4.Final_redhat_4.ep6.el5
jboss-as-webeq7.3.1__3.Final_redhat_3.1.ep6.el5
jboss-as-webeq7.1.3__4.Final_redhat_4.ep6.el6
jboss-as-webeq7.3.0__6.Final_redhat_14.1.ep6.el6
jboss-as-webeq7.2.0__8.Final_redhat_8.ep6.el6
jboss-as-webeq7.2.1__5.Final_redhat_10.1.ep6.el6
jboss-as-webeq7.1.2__7.Final_redhat_1.ep6.el6

Name	Operator	Version
jboss-as-web	eq	7.3.1__3.Final_redhat_3.1.ep6.el6
jboss-as-web	eq	7.1.2__7.Final_redhat_1.ep6.el5
jboss-as-web	eq	7.2.1__5.Final_redhat_10.1.ep6.el5
jboss-as-web	eq	7.1.3__4.Final_redhat_4.ep6.el5
jboss-as-web	eq	7.3.1__3.Final_redhat_3.1.ep6.el5
jboss-as-web	eq	7.1.3__4.Final_redhat_4.ep6.el6
jboss-as-web	eq	7.3.0__6.Final_redhat_14.1.ep6.el6
jboss-as-web	eq	7.2.0__8.Final_redhat_8.ep6.el6
jboss-as-web	eq	7.2.1__5.Final_redhat_10.1.ep6.el6
jboss-as-web	eq	7.1.2__7.Final_redhat_1.ep6.el6