[jboss-jira] [JBoss JIRA] (WFCORE-885) World readable audit.log file
Ondrej Lukas (JIRA)
issues at jboss.org
Mon Aug 17 08:28:27 EDT 2015
[ https://issues.jboss.org/browse/WFCORE-885?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ondrej Lukas moved JBEAP-722 to WFCORE-885:
-------------------------------------------
Project: WildFly Core (was: JBoss Enterprise Application Platform)
Key: WFCORE-885 (was: JBEAP-722)
Workflow: GIT Pull Request workflow (was: CDW v1)
Affects Version/s: 2.0.0.Beta2
(was: EAP 7.0.0.DR8)
Component/s: Security
(was: Security)
Target Release: (was: EAP 7.0.0.GA)
> World readable audit.log file
> -----------------------------
>
> Key: WFCORE-885
> URL: https://issues.jboss.org/browse/WFCORE-885
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 2.0.0.Beta2
> Reporter: Ondrej Lukas
> Priority: Blocker
>
> Server logs sensitive information into a world readable audit.log file. This information could be used by a local attacker to gain otherwise protected information about user sessions etc.
> This issue was originally reported as CVE in https://bugzilla.redhat.com/show_bug.cgi?id=1063642. EAP 6.x branches are fixed but same issue occurs in EAP 7 again.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
More information about the jboss-jira
mailing list