Description
The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file.
Remediation
References