| VID |
14095 |
| Severity |
30 |
| Port |
22 |
| Protocol |
TCP |
| Class |
LSC |
| Detailed Description |
jboss-service.xml which is the configuration file of JBOSS Application Server is not safe for secuirty reasons.
jboss-service.xml is the configuration file which has the information related to the server. If there is permission to write to the file, Serious problems can occur for secuirty reason. Therefore, Restriction is necessary for non-administrative users to write.
* Platforms Affected:
UNIX, Linux |
| Recommendation |
Remove other user's write permissions from the file as the following
chmod o-w (if the group has write permission: g-w) ./jboss-service.xml
ex) chmod o-w JBOSS_HOME/server/default/conf/jboss-service.xml
ex) chmod g-w JBOSS_HOME/server/default/conf/jboss-service.xml |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
