It was identified that web auditing, as provided by Red Hat JBoss Enterprise Application Platform 6, logged request parameters in plain text. This may include passwords used for authentication mechanisms such as BASIC and FORMAUTH. A local attacker, with access to audit logs, could compromise application/server credentials.
This issue has been addressed in following products: Red Hat JBoss Enterprise Application Platform 6.2.1 Via RHSA-2014:0205 https://rhn.redhat.com/errata/RHSA-2014-0205.html
This issue has been addressed in following products: JBEAP 6.2 for RHEL 5 JBEAP 6.2 for RHEL 6 Via RHSA-2014:0204 https://rhn.redhat.com/errata/RHSA-2014-0204.html
This issue has been addressed in following products: JBoss Data Grid 6.3.0 Via RHSA-2014:0895 https://rhn.redhat.com/errata/RHSA-2014-0895.html
IssueDescription: It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain application or server authentication credentials.
This issue has been addressed in following products: JBoss Operations Network 3.2.2 Via RHSA-2014:0910 https://rhn.redhat.com/errata/RHSA-2014-0910.html
This issue has been addressed in the following products: Red Hat JBoss BPM Suite 6.0.3 Via RHSA-2014:1291 https://rhn.redhat.com/errata/RHSA-2014-1291.html
This issue has been addressed in the following products: Red Hat JBoss BRMS 6.0.3 Via RHSA-2014:1290 https://rhn.redhat.com/errata/RHSA-2014-1290.html
This issue has been addressed in the following products: JBoss Fuse Service Works 6.0.0 Via RHSA-2014:1995 https://rhn.redhat.com/errata/RHSA-2014-1995.html
This issue has been addressed in the following products: JBoss Data Virtualization 6.0.0 Via RHSA-2015:0034 https://rhn.redhat.com/errata/RHSA-2015-0034.html
This issue has been addressed in the following products: JBoss Portal 6.2.0 Via RHSA-2015:1009 https://rhn.redhat.com/errata/RHSA-2015-1009.html