Reference: CERT-EU Security Advisory 2013-016

Title: JBoss Enterprise Web Platform 5.2.0 security update [1]

Version history:
04.02.2013 Initial publication

Summary
=======
An update for JBoss Enterprise Web Platform 5.2.0 that fixes one security issue is available. The Red Hat Security Response Team has rated this update as having low security impact.

CVE numbers [2]: CVE-2013-0218

Affected Versions
=================
JBoss Enterprise Web Platform 5.2.0 for RHEL 5 and RHEL 6

Original Details
================
The GUI installer created a world-readable auto-install XML file containing both the JBoss Enterprise Web Platform administrator password and the sucker password for the selected messaging system in plain text. A local user able to access the directory where the GUI installer for JBoss Enterprise Web Platform 5.1.2 was run could use this flaw to gain administrative access to the JBoss Enterprise Web Platform instance. (CVE-2013-0218)

What can you do?
================
This update is available via the Red Hat Network. [3]

What to tell your users
=======================
N/A

More information
================
[1] https://rhn.redhat.com/errata/RHSA-2013-0207.html
[2] https://www.redhat.com/security/data/cve/CVE-2013-0218.html
[3] https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=enterpriseweb.platform&version=5.2.0

Best regards,
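The flaw described under "Original Details" is a file-permission exposure, so a directory where the GUI installer was run can be checked for it directly. The script below is an added example, not part of the CERT-EU or Red Hat text: it lists XML files that carry the world-readable bit and mention a password, then removes group and other access from them. The advisory does not name the auto-install file, so the scan covers every `*.xml` under the directory you pass in; the sample file and its element names in `demo` are constructed.

```shell
#!/bin/sh
# Added example: audit for world-readable XML files that contain password
# fields, the exposure described in CVE-2013-0218, and restrict them.

# Print every *.xml file under $1 that has the "other" read bit set
# (-perm -0004) and contains the string "password" in any letter case.
find_exposed_xml() {
    find "$1" -type f -name '*.xml' -perm -0004 \
        -exec grep -qi 'password' {} \; -print
}

# Remove group/other access from each file reported above and print its path.
# Returns 0 if no exposed file remains afterwards, 1 otherwise.
restrict_exposed_xml() {
    find "$1" -type f -name '*.xml' -perm -0004 \
        -exec grep -qi 'password' {} \; \
        -exec chmod go-rwx {} \; -print
    [ -z "$(find_exposed_xml "$1")" ]
}

# Constructed demo: a temporary directory stands in for the directory where
# the installer was run. File name and XML element names are made up.
demo() {
    d=$(mktemp -d) || return 1
    printf '<install><adminPassword>constructed</adminPassword></install>\n' \
        > "$d/auto-install.xml"
    chmod 644 "$d/auto-install.xml"

    echo "exposed before:"
    find_exposed_xml "$d"
    echo "restricting:"
    restrict_exposed_xml "$d"
    echo "exposed after: $(find_exposed_xml "$d" | wc -l)"

    rm -rf "$d"
}

demo
```

Tightening permissions does not undo earlier exposure: if other local users could have read the file, rotate the passwords it contained.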