Description
The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6.4.0 and WildFly (formerly JBoss Application Server) uses weak permissions for .jboss-cli-history, which allows local users to obtain sensitive information via unspecified vectors.
Remediation
References
Related Vulnerabilities
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9700)
Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3663)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1159)
Cherokee Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-2191)
WordPress Plugin Woocommerce Categories in gallery format Cross-Site Scripting (1.0.1)