CVE-2013-0218
Published: 5 February 2013
The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file.
Notes
Author | Note |
---|---|
jdstrand | per Debian, Only builds a few libraries, not the full application server |
Priority
References
- https://bugzilla.redhat.com/show_bug.cgi?id=903073
- http://xforce.iss.net/xforce/xfdb/81725
- http://secunia.com/advisories/52041
- http://rhn.redhat.com/errata/RHSA-2013-0207.html
- http://rhn.redhat.com/errata/RHSA-2013-0206.html
- https://www.cve.org/CVERecord?id=CVE-2013-0218
- NVD
- Launchpad
- Debian