-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference: CERT-EU Security Advisory 2013-015

Title: JBoss Enterprise Application Platform 5.2.0 security update [1]

Version history:
04.02.2013 Initial publication


Summary
=======
Updated JBoss Enterprise Application Platform 5.2.0 that fix one security issue.

The Red Hat Security Response Team has rated this update as having low security impact.

CVE numbers [2]:   CVE-2013-0218
                   


Affected Versions
=================
JBoss Enterprise Application Platform 5.2.0 for for RHEL 5 and RHEL 6

Original Details
================
The GUI installer created a world-readable auto-install XML file containing
both the JBoss Enterprise Application Platform administrator password and
the sucker password for the selected messaging system in plain text. A
local user able to access the directory where the GUI installer for JBoss
Enterprise Application Platform 5.1.2 was run could use this flaw to gain
administrative access to the JBoss Enterprise Application Platform
instance. (CVE-2013-0218)

What can you do?
================
This update is available via the Red Hat Network. [3]


What to tell your users
=======================

N/A

More information
================
[1]  
https://rhn.redhat.com/errata/RHSA-2013-0206.html
[2]  
https://www.redhat.com/security/data/cve/CVE-2013-0218.html
[3]  
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=distributions&version=5.2.0

Best regards,
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBAgAGBQJRD9s4AAoJEPpzpNLI8SVorWoQAL+Ysj1PuLK+YWu2x43MlBrA
9PbLKh0I6VqzOwB4FwYnBW+5o4JCAJYB/CP4QcGd1D1e3fhdAentdXS0vyHIdb/X
MSysbmHHyYNATABvLVOtoacRTIucTC29QaNwSZ9pAHlIas6KyPGp9/U2Y3uBaoln
CdO3EgkAn1MQv2oe4gCi3WTeGyonxAHWF17ZjiF6fe9C1g5lZ2MoCiTcEV65/S0Z
yGdVwe+7X5VoB7XVUrNldi8a5QSsaK2qTDWMjx3Gxx2aoWvibJSJtljSkk7GoiB+
FJYfIzVHo/C090RtS+Ht3pZmqIIlylPdPgwFywVb15D6WAXKApovfHwHlYKuv5df
FAKu5N8FJFJ0e+FZZajzK7iVMI9TyTfXUMRugL6VZrwTGn07oUhP37KntOwGukwn
4XBXkSCCrla4RwJR2ym9rFe9yObgKt9+ATXt4KCWX05Qe/32yb7aBgmDGu2V2c7H
FImam5/XLQNNUDsmHixuLpJ0KE0Gd/+H1lcee6jXmr+BYMZQQ404+a+OpGhT6iTX
SFE4NXEA9He06Rdrn5KEcqgwVDV61E+VL/IGKwQusUd5bbhue76xFbz9/+zgrZ+m
7bldlBNOUgWQxKNrGJo4YoBz84TmsMYX3PwkXqdFUzFv6Dw9s3kEus0u0HfoRw8z
M66dKM1xqJ4U3u7n0VRh
=eXzj
-----END PGP SIGNATURE-----