-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference: CERT-EU Security Advisory 2013-016

Title: JBoss Enterprise Web Platform 5.2.0 security update [1]

Version history:
04.02.2013 Initial publication


Summary
=======
Updated JBoss Enterprise Web Platform 5.2.0 that fix one security issue.

The Red Hat Security Response Team has rated this update as having low security impact.

CVE numbers [2]:   CVE-2013-0218
                   


Affected Versions
=================
JBoss Enterprise Web Platform 5.2.0 for for RHEL 5 and RHEL 6

Original Details
================
The GUI installer created a world-readable auto-install XML file containing
both the JBoss Enterprise Web Platform administrator password and
the sucker password for the selected messaging system in plain text. A
local user able to access the directory where the GUI installer for JBoss
Enterprise Web Platform 5.1.2 was run could use this flaw to gain
administrative access to the JBoss Enterprise Web Platform
instance. (CVE-2013-0218)

What can you do?
================
This update is available via the Red Hat Network. [3]


What to tell your users
=======================

N/A

More information
================
[1]  
https://rhn.redhat.com/errata/RHSA-2013-0207.html
[2]  
https://www.redhat.com/security/data/cve/CVE-2013-0218.html
[3]  

https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=enterpriseweb.platform&version=5.2.0

Best regards,
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBAgAGBQJRD9uSAAoJEPpzpNLI8SVoSR8QAI95C++lj4ekYzgaPUfNoiVd
3HS3ATWuCJ3DJDuTsrpf+00ioZIf3n9R9Hwo/DLZDdIu42Uq8LSw5yVVi404oaZH
p9uSFoFRnaIvO9A0HBrqPnuEi77OJErmrCMQ/3oCeLIbePWpAfOcsJ1TKrUZRYbZ
Dt0CM1v/gPxtINlhVlWrVQ7AD48aEQs1CRTpWl+IKflie5UCLaMGvX8+/fIPzYjm
04cSk5GxH3MVASk4Vrt1gQvTgUXkC+jz3xaUgddP1ZAjLKWjd5LZqThGJgW174Qz
ODshR5zSgHlONb/SpHU7/v5C+lqvnHLVfb3u9BnkHdO0vrURMsMG5dVsvgpSFIlp
buQsP8h37ghofUdxNV2RfgvGgzcVdVaDBRgj9pSg8AcMU0NEFl2AY7L1teYzzKgL
sqFghWJ4CmJrXAHVInt58priG+6IxXvcUNNNebUP94+I/ysYz3IpoKRVsxPb9kTS
Bbmq6Ku5ipIQsDScvUEzEwzQWeB7Dq0HSH6YpHGGb5Aqx3PWYPvKiJdrvufZgVuT
RlXcynyOuKW2d2T2YGmiTrB9uG8t4FwwdC0Zkvgm9u2GDB0uwZJjtnGue+fthuQz
5R7t1bc/2edDCIfKqK7KHevUaSYWv49NJak2dhfLmOfIliA8o5S3srdEVjjwqkuf
fuSgEVV6RsRjNtc5A0ix
=O8bZ
-----END PGP SIGNATURE-----