Required CVE Record Information
Description
Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file.
References 6 Total
- lists.fedoraproject.org: FEDORA-2015-8867 vendor-advisory
- http://icedtea.classpath.org/hg/thermostat/rev/c2f18f81f57a
- http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2372
- rhn.redhat.com: RHSA-2015:1052 vendor-advisory
- securityfocus.com: 75066 vdb-entry
- lists.fedoraproject.org: FEDORA-2015-8919 vendor-advisory
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 6 Total
- lists.fedoraproject.org: FEDORA-2015-8867 vendor-advisoryx_transferred
- http://icedtea.classpath.org/hg/thermostat/rev/c2f18f81f57a x_transferred
- http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2372 x_transferred
- rhn.redhat.com: RHSA-2015:1052 vendor-advisoryx_transferred
- securityfocus.com: 75066 vdb-entryx_transferred
- lists.fedoraproject.org: FEDORA-2015-8919 vendor-advisoryx_transferred