Sensitive Information Disclosure in JBoss EAP 5.1.2 AMI due to Insecure Permissions

Sensitive Information Disclosure in JBoss EAP 5.1.2 AMI due to Insecure Permissions

CVE-2012-3427 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

EC2 Amazon Machine Image (AMI) in JBoss Enterprise Application Platform (EAP) 5.1.2 uses 755 permissions for /var/cache/jboss-ec2-eap/, which allows local users to read sensitive information such as Amazon Web Services (AWS) credentials by reading files in the directory.

Learn more about our Cis Benchmark Audit For Amazon Web Services.