Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 2.1
CVE Id: CVE-2013-0218
Last Modified: 30 Oct 2013 11:30:52
Published: 05 Feb 2013 06:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2013-0218

Summary

The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file.

Vulnerable Systems

Application

  • Red Hat JBoss Enterprise Application Platform 5.1.2

  • Red Hat JBoss Enterprise Application Platform 5.2.0

  • Red Hat JBoss Enterprise Web Platform 5.1.2

  • Red Hat JBoss Enterprise Web Platform 5.2.0


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=903073

XF - jboss-eap-info-disc(81725)

BID - 57652

OSVDB - 89698

SECUNIA - 52041

REDHAT - RHSA-2013:0207

REDHAT - RHSA-2013:0206

REDHAT - RHSA-2013:0833


Last Updated: 27 May 2016 10:56:40