The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Jboss_enterprise_application_platform | Redhat | 6.0.0 (including) | 6.0.0 (including) |
| Jboss_enterprise_application_platform | Redhat | 6.0.1 (including) | 6.0.1 (including) |
| Jboss_enterprise_application_platform | Redhat | 6.1.0 (including) | 6.1.0 (including) |
| Jboss_enterprise_application_platform | Redhat | 6.2.0 (including) | 6.2.0 (including) |
| Red Hat JBoss BPMS 6.0 | RedHat | eap | * |
| Red Hat JBoss BRMS 6.0 | RedHat | eap | * |
| Red Hat JBoss Data Grid 6.3 | RedHat | eap | * |
| Red Hat JBoss Data Virtualization 6.0 | RedHat | eap | * |
| Red Hat JBoss Enterprise Application Platform 6.2 | RedHat | * | |
| Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5 | RedHat | jboss-as-web-0:7.3.1-4.Final_redhat_4.1.ep6.el5 | * |
| Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6 | RedHat | jboss-as-web-0:7.3.1-4.Final_redhat_4.1.ep6.el6 | * |
| Red Hat JBoss Fuse Service Works 6.0 | RedHat | eap | * |
| Red Hat JBoss Operations Network 3.2 | RedHat | * | |
| Red Hat JBoss Portal 6.2 | RedHat | eap | * |
References
- http://rhn.redhat.com/errata/RHSA-2014-0204.html
- http://rhn.redhat.com/errata/RHSA-2014-0205.html
- http://rhn.redhat.com/errata/RHSA-2015-0034.html
- http://www.securityfocus.com/bid/65762
- http://rhn.redhat.com/errata/RHSA-2014-0204.html
- http://rhn.redhat.com/errata/RHSA-2014-0205.html
- http://rhn.redhat.com/errata/RHSA-2015-0034.html
- http://www.securityfocus.com/bid/65762