Red Hat Bugzilla – Bug 843335
CVE-2012-3427 JBoss EAP 5 AMI: insecure default file permissions for /var/cache/jboss-ec2-eap
Last modified: 2014-10-20 20:03:08 EDT
On the JBoss EAP 5 EC2 AMI, the /var/cache/jboss-ec2-eap directory has default permissions of 755. A local attacker could exploit these insecure permissions to read potentially sensitive information from this directory, such as AWS credentials.
This issue was discovered by Aleksandar Kostadinov of the Red Hat QE Team.
This issue has been addressed in the following products:
JBEAP 5 for RHEL 6
Via RHSA-2012:1376 https://rhn.redhat.com/errata/RHSA-2012-1376.html
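A way to check a host for the exposure described in this bug, as an added example that is not part of the original report or of Red Hat's fix: the `audit_dir` function below lists every entry under a directory that group or other users can access. The function name, the scratch directory used in the demo, and the choice of owner-only access as the passing state are assumptions of this example; the report does not state the corrected mode.

```shell
#!/bin/sh
# Added example (not from the bug report): audit a credential cache
# directory for any access granted to users other than the owner.
# On an affected host: audit_dir /var/cache/jboss-ec2-eap

# Returns 0 if everything under $1 is owner-only, 1 if any entry grants
# a group/other permission bit, 2 if the directory does not exist.
audit_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "SKIP  $dir (not present)"; return 2; }

    # POSIX find: "-perm -NNN" matches when all bits in NNN are set, so
    # each group/other bit is tested separately. Symlinks are skipped
    # because their own mode bits are not meaningful.
    hits=$(find "$dir" ! -type l \( \
            -perm -040 -o -perm -020 -o -perm -010 -o \
            -perm -004 -o -perm -002 -o -perm -001 \) \
            -exec ls -ld {} +)

    if [ -n "$hits" ]; then
        echo "FAIL  entries under $dir accessible to non-owners:"
        echo "$hits"
        return 1
    fi
    echo "OK    $dir and its contents are owner-only"
    return 0
}

# Constructed demo: a scratch directory stands in for the cache directory,
# created with the 755 mode named in the report and a world-readable file.
demo=$(mktemp -d)
chmod 755 "$demo"
: > "$demo/credentials"
chmod 644 "$demo/credentials"
audit_dir "$demo" || echo "=> weak state detected"

# Assumed safe state for this example: remove all group/other access.
chmod -R go-rwx "$demo"
audit_dir "$demo"
rm -rf "$demo"
```

A directory mode of 700 alone is not enough for the check to pass: a file inside with group or other bits set is still reported, since it becomes readable again if the directory mode is ever loosened.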