Veracode Vulnerability DatabaseVERACODE:11654Information Disclosure
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
jboss application server is vulnerable to information disclosure. The default configuration for the Command Line Interface created a history file .jboss-cli-history in the user’s home directory with insecure file permissions. This allows a malicious local user to gain information otherwise not accessible to them.
References
rhn.redhat.com/errata/RHSA-2015-0846.html
rhn.redhat.com/errata/RHSA-2015-0846.html
rhn.redhat.com/errata/RHSA-2015-0847.html
rhn.redhat.com/errata/RHSA-2015-0847.html
rhn.redhat.com/errata/RHSA-2015-0848.html
rhn.redhat.com/errata/RHSA-2015-0848.html
rhn.redhat.com/errata/RHSA-2015-0849.html
rhn.redhat.com/errata/RHSA-2015-0849.html
www.securitytracker.com/id/1032183
www.securitytracker.com/id/1032183
access.redhat.com/security/updates/classification/#important
access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/
bugzilla.redhat.com/show_bug.cgi?id=1126687
bugzilla.redhat.com/show_bug.cgi?id=1126687
bugzilla.redhat.com/show_bug.cgi?id=1155445
bugzilla.redhat.com/show_bug.cgi?id=1158978
bugzilla.redhat.com/show_bug.cgi?id=1165220
bugzilla.redhat.com/show_bug.cgi?id=1165228
bugzilla.redhat.com/show_bug.cgi?id=1166455
bugzilla.redhat.com/show_bug.cgi?id=1166745
bugzilla.redhat.com/show_bug.cgi?id=1167394
bugzilla.redhat.com/show_bug.cgi?id=1167919
bugzilla.redhat.com/show_bug.cgi?id=1167926
bugzilla.redhat.com/show_bug.cgi?id=1179790
bugzilla.redhat.com/show_bug.cgi?id=1179830
bugzilla.redhat.com/show_bug.cgi?id=1179837
bugzilla.redhat.com/show_bug.cgi?id=1179844
bugzilla.redhat.com/show_bug.cgi?id=1179847
bugzilla.redhat.com/show_bug.cgi?id=1182974
bugzilla.redhat.com/show_bug.cgi?id=1182980
bugzilla.redhat.com/show_bug.cgi?id=1182984
bugzilla.redhat.com/show_bug.cgi?id=1182990
bugzilla.redhat.com/show_bug.cgi?id=1182993
bugzilla.redhat.com/show_bug.cgi?id=1182996
bugzilla.redhat.com/show_bug.cgi?id=1182999
bugzilla.redhat.com/show_bug.cgi?id=1188723
bugzilla.redhat.com/show_bug.cgi?id=1188726
bugzilla.redhat.com/show_bug.cgi?id=1188730
bugzilla.redhat.com/show_bug.cgi?id=1188735
bugzilla.redhat.com/show_bug.cgi?id=1188938
bugzilla.redhat.com/show_bug.cgi?id=1188945
bugzilla.redhat.com/show_bug.cgi?id=1188952
bugzilla.redhat.com/show_bug.cgi?id=1188958
bugzilla.redhat.com/show_bug.cgi?id=1188966
bugzilla.redhat.com/show_bug.cgi?id=1188977
bugzilla.redhat.com/show_bug.cgi?id=1188984
bugzilla.redhat.com/show_bug.cgi?id=1188987
bugzilla.redhat.com/show_bug.cgi?id=1188990
bugzilla.redhat.com/show_bug.cgi?id=1188993
bugzilla.redhat.com/show_bug.cgi?id=1195909
bugzilla.redhat.com/show_bug.cgi?id=1195912
bugzilla.redhat.com/show_bug.cgi?id=1195917
bugzilla.redhat.com/show_bug.cgi?id=1195922
bugzilla.redhat.com/show_bug.cgi?id=1195925
bugzilla.redhat.com/show_bug.cgi?id=1195928
bugzilla.redhat.com/show_bug.cgi?id=1195931
bugzilla.redhat.com/show_bug.cgi?id=1195934
bugzilla.redhat.com/show_bug.cgi?id=1195937
bugzilla.redhat.com/show_bug.cgi?id=1195942
bugzilla.redhat.com/show_bug.cgi?id=1195951
bugzilla.redhat.com/show_bug.cgi?id=1198250
rhn.redhat.com/errata/RHSA-2015-0846.html
Related
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N