OSVDB ID: 89698

Title: JBoss Enterprise Application Platform / JBoss Enterprise Web Platform Insecure Auto-install XML File Admin Password Local Disclosure

Info

Dates

Disclosure: Jan 30, 2013
Discovery: Unknown
Exploit: Jan 30, 2013
Solution: Jan 30, 2013

Description

JBoss Enterprise Application Platform and JBoss Enterprise Web Platform contain a flaw that may lead to unauthorized disclosure of potentially sensitive information. The issue is due to the program creating an insecure, world-readable auto-install XML file that contains sensitive information. This may allow a local attacker to gain access to administrative password information.

Classification

Location: Local Access Required
Impact: Loss of Confidentiality
Solution: Patch / RCS
Exploit: Exploit Public
Disclosure: Vendor Verified
OSVDB: Authentication Required

Solution

The vendor has released a patch to address this vulnerability. There are no known workarounds or upgrades to correct this issue. Check the vendor advisory, changelog, or solution in the references section for details.

Products

Red Hat, Inc.

JBoss Enterprise Application Platform 5.2.0
JBoss Enterprise Web Platform 5.2.0

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/89698