Description
JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file.
Remediation
References