Information Disclosure

2019-05-0206:09:25

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.005 Low

EPSS

Percentile

77.0%

JSON

admin-cli in Red Hat JBoss Enterprise Application Platform is vulnerable to information disclosure. This vulnerability exists due to EAP feature to download server log files that allows logs to be available via GET requests causing cross-origin attacks. An attacker could trigger the user’s browser to request the log files consuming enough resources that normal server functioning could be impaired.

CPENameOperatorVersion
eap7-picketlink-bindingseq2.5.5__3.SP3_redhat_1.1.ep7.el6
eap7-picketlink-bindingseq2.5.5__2.SP2_redhat_1.1.ep7.el6
eap7-picketlink-bindingseq2.5.5__3.SP3_redhat_1.1.ep7.el7
eap7-picketlink-bindingseq2.5.5__1.SP1_redhat_2.2.ep7.el6
eap7-picketlink-bindingseq2.5.5__2.SP2_redhat_1.1.ep7.el7
eap7-picketlink-bindingseq2.5.5__1.SP1_redhat_2.2.ep7.el7
eap7-jboss-aesheq0.66.4__1.redhat_1.1.ep7.el7
eap7-jboss-aesheq0.66.12__1.redhat_1.1.ep7.el6
eap7-jboss-aesheq0.66.12__1.redhat_1.1.ep7.el7
eap7-jboss-aesheq0.66.4__1.redhat_1.1.ep7.el6

Name	Operator	Version
eap7-picketlink-bindings	eq	2.5.5__3.SP3_redhat_1.1.ep7.el6
eap7-picketlink-bindings	eq	2.5.5__2.SP2_redhat_1.1.ep7.el6
eap7-picketlink-bindings	eq	2.5.5__3.SP3_redhat_1.1.ep7.el7
eap7-picketlink-bindings	eq	2.5.5__1.SP1_redhat_2.2.ep7.el6
eap7-picketlink-bindings	eq	2.5.5__2.SP2_redhat_1.1.ep7.el7
eap7-picketlink-bindings	eq	2.5.5__1.SP1_redhat_2.2.ep7.el7
eap7-jboss-aesh	eq	0.66.4__1.redhat_1.1.ep7.el7
eap7-jboss-aesh	eq	0.66.12__1.redhat_1.1.ep7.el6
eap7-jboss-aesh	eq	0.66.12__1.redhat_1.1.ep7.el7
eap7-jboss-aesh	eq	0.66.4__1.redhat_1.1.ep7.el6