Information disclosure in Redhat Jboss_enterprise_application_platform

CVE-2013-0218

The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator…

Vulnerability class: Information Disclosure

EPSS: 0.000 (15.2th percentile) — read the EPSS interpretation.

Affected products

Redhat Jboss_enterprise_application_platform — versions 5.1.2, 5.2.0
Redhat Jboss_enterprise_web_platform — versions 5.1.2, 5.2.0
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

RHSA-2013:0206 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
89698 (x_refsource_OSVDB, vdb-entry)
52041 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
RHSA-2013:0833 (x_refsource_REDHAT, vendor-advisory)
RHSA-2013:0207 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_MISC)
jboss-eap-info-disc(81725) (vdb-entry, x_refsource_XF)
57652 (vdb-entry, x_refsource_BID)