CVE-2014-0058

The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files.

CVSS v2.0 1.9 LOW

1.9^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2014-0204.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2014-0205.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-0034.html	Vendor Advisory
http://www.securityfocus.com/bid/65762

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.1:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.1.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.0:::::::*

Information

Published : 2014-02-26 07:55

Updated : 2017-01-06 18:59

NVD link : CVE-2014-0058

Mitre link : CVE-2014-0058

JSON object : View

CWE

CWE-310

Cryptographic Issues

Products Affected

redhat

jboss_enterprise_application_platform

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://rhn.redhat.com/errata/RHSA-2014-0204.html", "name": "RHSA-2014:0204", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-0205.html", "name": "RHSA-2014:0205", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0034.html", "name": "RHSA-2015:0034", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://www.securityfocus.com/bid/65762", "name": "65762", "tags": [], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-310"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-0058", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-02-26T15:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-01-07T02:59Z"}

1.9 /10