{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-02-24T00:00:00", "descriptions": [{"lang": "en", "value": "The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-01-04T17:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2014:0204", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0204.html"}, {"name": "RHSA-2015:0034", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0034.html"}, {"name": "RHSA-2014:0205", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0205.html"}, {"name": "65762", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/65762"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:05:38.272Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2014:0204", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0204.html"}, {"name": "RHSA-2015:0034", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0034.html"}, {"name": "RHSA-2014:0205", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0205.html"}, {"name": "65762", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/65762"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-0058", "datePublished": "2014-02-26T15:00:00", "dateReserved": "2013-12-03T00:00:00", "dateUpdated": "2024-08-06T09:05:38.272Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6F94D102-60EA-4C47-9A39-DAE4704044DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF680478-162A-4F7B-B9BA-C407FA3C0EEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "82B6C055-25E2-4C78-ACA7-D722848BDBC4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files."}, {"lang": "es", "value": "La funcionalidad de auditor\u00eda de seguridad en Red Hat JBoss Enterprise Application Platform (EAP) 6.x anterior a 6.2.1 registra par\u00e1metros de solicitud en texto claro, lo que podr\u00eda permitir a usuarios locales obtener contrase\u00f1as mediante la lectura de los archivos de log."}], "id": "CVE-2014-0058", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-02-26T15:55:08.953", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0204.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0205.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0034.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/65762"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0204.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0205.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0034.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/65762"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2014:1291", "cpe": "cpe:/a:redhat:jboss_bpms:6.0", "package": "eap", "product_name": "Red Hat JBoss BPMS 6.0", "release_date": "2014-09-23T00:00:00Z"}, {"advisory": "RHSA-2014:1290", "cpe": "cpe:/a:redhat:jboss_brms:6.0", "package": "eap", "product_name": "Red Hat JBoss BRMS 6.0", "release_date": "2014-09-23T00:00:00Z"}, {"advisory": "RHSA-2014:0895", "cpe": "cpe:/a:redhat:jboss_data_grid:6.3.0", "package": "eap", "product_name": "Red Hat JBoss Data Grid 6.3", "release_date": "2014-07-16T00:00:00Z"}, {"advisory": "RHSA-2015:0034", "cpe": "cpe:/a:redhat:jboss_data_virtualization:6.0", "package": "eap", "product_name": "Red Hat JBoss Data Virtualization 6.0", "release_date": "2015-01-12T00:00:00Z"}, {"advisory": "RHSA-2014:0205", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.2", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2", "release_date": "2014-02-24T00:00:00Z"}, {"advisory": "RHSA-2014:0204", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-web-0:7.3.1-4.Final_redhat_4.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5", "release_date": "2014-02-24T00:00:00Z"}, {"advisory": "RHSA-2014:0204", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-web-0:7.3.1-4.Final_redhat_4.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6", "release_date": "2014-02-24T00:00:00Z"}, {"advisory": "RHSA-2014:1995", "cpe": "cpe:/a:redhat:jboss_fuse_service_works:6.0", "package": "eap", "product_name": "Red Hat JBoss Fuse Service Works 6.0", "release_date": "2014-12-15T00:00:00Z"}, {"advisory": "RHSA-2014:0910", "cpe": "cpe:/a:redhat:jboss_operations_network:3.2.2", "product_name": "Red Hat JBoss Operations Network 3.2", "release_date": "2014-07-21T00:00:00Z"}, {"advisory": "RHSA-2015:1009", "cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:6.2", "package": "eap", "product_name": "Red Hat JBoss Portal 6.2", "release_date": "2015-05-14T00:00:00Z"}], "bugzilla": {"description": "EAP6: Plain text password logging during security audit", "id": "1063641", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1063641"}, "csaw": false, "cvss": {"cvss_base_score": "1.9", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "status": "verified"}, "details": ["The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files.", "It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain application or server authentication credentials."], "name": "CVE-2014-0058", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5", "fix_state": "Not affected", "package_name": "audit", "product_name": "Red Hat JBoss Enterprise Application Platform 5"}, {"cpe": "cpe:/a:redhat:jboss_operations_network:3", "fix_state": "Affected", "package_name": "eap", "product_name": "Red Hat JBoss Operations Network 3"}], "public_date": "2014-02-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-0058\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0058"], "threat_severity": "Low"}