CVE-2014-0059 Information

Description

JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file.

Reference

http://rhn.redhat.com/errata/RHSA-2014-0563.html
http://rhn.redhat.com/errata/RHSA-2014-0564.html
http://rhn.redhat.com/errata/RHSA-2014-0565.html
http://rhn.redhat.com/errata/RHSA-2015-0675.html
http://rhn.redhat.com/errata/RHSA-2015-0850.html
http://rhn.redhat.com/errata/RHSA-2015-0851.html
