CVE-2013-4452
ON: World readable configuration files expose sensitive data
Public Exploits: 0
Exploited in Wild: -
Descriptions
Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the (1) server and (2) agent configuration files, which allows local users to obtain authentication credentials and other unspecified sensitive information by reading these files.
Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. It was discovered that the JBoss Operations Network configuration files, for both the server and the agent, were world-readable by default. A malicious local user could possibly read sensitive information regarding the installation, including various authentication credentials. This issue was discovered by Larry O'Leary of the Red Hat Middleware Support Engineering Group.
Timeline
- 2013-06-12 CVE Reserved
- 2013-11-26 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-264: Permissions, Privileges, and Access Controls
References (6)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/63916 | Vdb Entry | |
http://www.securitytracker.com/id/1029390 | Vdb Entry | |

URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2013-1762.html | 2013-12-26 | |
http://secunia.com/advisories/55852 | 2013-12-26 | |
https://access.redhat.com/security/cve/CVE-2013-4452 | 2013-11-25 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1021756 | 2013-11-25 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Redhat | Jboss Operations Network | 3.1.2 | - | Affected |