World-readable permissions on audit.log in JBoss SX and PicketBox

CVE-2014-0059 · LOW Severity

AV:L/AC:L/Au:N/C:P/I:N/A:N

JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file.
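A defender can check a host for the condition described above by looking for `audit.log` files whose mode grants read access to "other". The following is an added example, not code from Red Hat or the PicketBox project; the function names, the directory layout and the sample files are constructed for illustration, and the real log location depends on the installation.

```python
import os
import stat
import tempfile

def find_world_readable(root, name="audit.log"):
    """Return (path, mode) for each regular file called `name` under `root`
    whose permission bits include read for 'other' (o+r)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        if name not in files:
            continue
        path = os.path.join(dirpath, name)
        st = os.lstat(path)  # lstat: judge the entry itself, not a symlink target
        if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IROTH:
            hits.append((path, oct(stat.S_IMODE(st.st_mode))))
    return sorted(hits)

def drop_other_access(path):
    """Clear every 'other' bit, leave owner and group bits as they were."""
    mode = stat.S_IMODE(os.lstat(path).st_mode)
    os.chmod(path, mode & ~stat.S_IRWXO)
    return oct(stat.S_IMODE(os.lstat(path).st_mode))

def demo():
    """Build a constructed tree with one exposed and one restricted audit.log,
    then report, remediate and re-check."""
    with tempfile.TemporaryDirectory() as root:
        # Hypothetical layout; not the product's actual directory structure.
        for sub, mode in (("node-a/log", 0o644), ("node-b/log", 0o640)):
            logdir = os.path.join(root, sub)
            os.makedirs(logdir)
            path = os.path.join(logdir, "audit.log")
            with open(path, "w") as fh:
                fh.write("constructed sample entry\n")
            os.chmod(path, mode)  # set explicitly so the umask does not matter
        before = find_world_readable(root)
        fixed = [drop_other_access(p) for p, _ in before]
        after = find_world_readable(root)
        return [(os.path.relpath(p, root), m) for p, m in before], fixed, after

if __name__ == "__main__":
    print(demo())
```

Tightening the mode of an existing file does not change the permissions a process applies when it next creates the file, so the check is worth repeating after log rotation or a restart.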
