First published: Tue Feb 11 2014(Updated: )
It was identified that web auditing, as provided by Red Hat JBoss Enterprise Application Platform 6, logged request parameters in plain text. This may include passwords used for authentication mechanisms such as BASIC and FORMAUTH. A local attacker, with access to audit logs, could compromise application/server credentials.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Redhat Jboss Enterprise Application Platform | =6.0.0 | |
Redhat Jboss Enterprise Application Platform | =6.0.1 | |
Redhat Jboss Enterprise Application Platform | =6.1.0 | |
Redhat Jboss Enterprise Application Platform | =6.2.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.