Lucene search
HistoryFeb 05, 2013 - 11:55 p.m.
CVE-2013-0218
jboss
eap
ewp
gui installer
vulnerability
cve-2013-0218
nvd
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file.
Affected configurations
Node
redhatjboss_enterprise_application_platformMatch5.1.2
ORredhatjboss_enterprise_application_platformMatch5.2.0
Node
redhatjboss_enterprise_web_platformMatch5.1.2
ORredhatjboss_enterprise_web_platformMatch5.2.0
References
Related
redhat
redhat
prion
prion
Design/Logic Flaw
2013-02-05 23:55:00
ubuntucve
ubuntucve
CVE-2013-0218
2013-02-05 00:00:00
cvelist
cvelist
CVE-2013-0218
2013-02-05 23:11:00
nvd
nvd
CVE-2013-0218
2013-02-05 23:55:01
nessus
nessus
JBoss Enterprise Application Platform 6.1.0 Update (RHSA-2013:0833)
2013-06-24 00:00:00
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2013-0218