This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
Updated packages that provide Red Hat JBoss Enterprise Application
Platform 6.2.3 and fix one security issue, several bugs, and add
various enhancements are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having Low
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java
applications based on JBoss Application Server 7.
It was found that the security auditing functionality provided by
PicketBox and JBossSX, both security frameworks for Java applications,
used a world-readable audit.log file to record sensitive information.
A local user could possibly use this flaw to gain access to the
sensitive information in the audit.log file. (CVE-2014-0059)
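
A defender-side check for the condition described above, added here as an example; it is not part of the Nessus plugin or of Red Hat's fix. The directory argument, and the assumption that the file is named audit.log somewhere beneath it, are assumptions: the advisory does not give the log's path.

```shell
#!/bin/sh
# Added example: locate audit.log files that any local user can read.
# Assumption: the audit log is called "audit.log" and lives somewhere
# under the directory given as $1 (the advisory does not state a path).

# Print each audit.log under $1 whose mode grants read to "other" (bit 004).
find_world_readable_audit_logs() {
    find "$1" -type f -name 'audit.log' -perm -004 -print 2>/dev/null
}

# Number of world-readable audit.log files under $1.
count_world_readable_audit_logs() {
    find_world_readable_audit_logs "$1" | wc -l | tr -d ' '
}

# Interim hardening only: drop every "other" permission on the files found.
# A log created later may get the old mode again until the updated
# packages are installed and the JBoss server process is restarted.
restrict_audit_logs() {
    find "$1" -type f -name 'audit.log' -perm -004 -exec chmod o-rwx {} +
}

# Human-readable report: owner, group and mode of each offending file.
report_audit_logs() {
    n=$(count_world_readable_audit_logs "$1")
    if [ "$n" -eq 0 ]; then
        echo "OK: no world-readable audit.log under $1"
        return 0
    fi
    echo "FINDING: $n world-readable audit.log file(s) under $1"
    find_world_readable_audit_logs "$1" | while IFS= read -r f; do
        ls -l "$f"
    done
    return 1
}

# Run the report only when a directory is passed on the command line.
if [ -n "${1:-}" ]; then
    report_audit_logs "$1"
fi
```

Run it with the JBoss installation directory as the only argument; a non-zero exit status means at least one audit.log is readable by all local users.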
This release serves as a replacement for Red Hat JBoss Enterprise
Application Platform 6.2.2, and includes bug fixes and enhancements.
Documentation for these changes will be available shortly from the Red
Hat JBoss Enterprise Application Platform 6.2.3 Release Notes, linked
to in the References.
All users of Red Hat JBoss Enterprise Application Platform 6.2 on Red
Hat Enterprise Linux 6 are advised to upgrade to these updated
packages. The JBoss server process must be restarted for the update to
See also :
Update the affected packages.
Risk factor :
Low / CVSS Base Score : 2.1
CVSS Temporal Score : 1.8
Public Exploit Available : true
Family: Red Hat Local Security Checks
Nessus Plugin ID: 74206
Bugtraq ID: 67683
CVE ID: CVE-2014-0059