CVE-2014-0199 CVE-2014-0200 CVE-2014-0201 POC
来源:互联网 发布:朱慈勉 知乎 编辑:程序博客网 时间:2024/05/16 03:12
It was found that the ovirt-engine-reports setup script logged the reports
database password in plain text to a world-readable file. An attacker with
a local user account on the Red Hat Enterprise Virtualization Manager
server could use this flaw to access, read, and modify the reports
database. (CVE-2014-0199)
Note: Applying the update provided by this advisory does not modify any
existing log files. It is recommended that you search your existing log
files and remove any occurrences of plain text passwords manually.
It was found that the Red Hat Enterprise Virtualization Manager reports
datasource configuration file (js-jboss7-ds.xml) was world-readable.
An attacker with a local user account on the Red Hat Enterprise
Virtualization Manager server could use this flaw to access, read, and
modify the reports database. (CVE-2014-0200)
It was found that multiple ovirt-engine-reports configuration files were
world-readable. An attacker with a local user account on the Red Hat
Enterprise Virtualization Manager server could use this flaw to access a
database password in plain text to a world-readable file. An attacker with
a local user account on the Red Hat Enterprise Virtualization Manager
server could use this flaw to access, read, and modify the reports
database. (CVE-2014-0199)
Note: Applying the update provided by this advisory does not modify any
existing log files. It is recommended that you search your existing log
files and remove any occurrences of plain text passwords manually.
It was found that the Red Hat Enterprise Virtualization Manager reports
datasource configuration file (js-jboss7-ds.xml) was world-readable.
An attacker with a local user account on the Red Hat Enterprise
Virtualization Manager server could use this flaw to access, read, and
modify the reports database. (CVE-2014-0200)
It was found that multiple ovirt-engine-reports configuration files were
world-readable. An attacker with a local user account on the Red Hat
Enterprise Virtualization Manager server could use this flaw to access a
variety of potentially sensitive information. (CVE-2014-0201)
https://rhn.redhat.com/errata/RHSA-2014-0558.html
0 0
- CVE-2014-0199 CVE-2014-0200 CVE-2014-0201 POC
- CVE-2014-0243 POC
- CVE-2014-0246 POC
- CVE-2014-4114 和 CVE-2014-3566
- cve-2014-6332
- 浅析CVE-2014-0196
- CVE-2014-4322
- CVE-2014-3153笔记
- CVE-2014-3153
- CVE
- CVE-2013-0191 PoC
- CVE-2017-0214Poc
- CVE-2014-0196(马拉松bug)
- CVE-2014-0195漏洞分析
- CVE-2014-6332调试分析
- CVE-2014-0160 Heartbleed Bug
- WebLogic SSRF And XSS (CVE-2014-4241, CVE-2014-4210, CVE-2014-4242)
- CVE-2017-8464 转载poc
- 查看Linux版本号的三种办法
- Exar推出4级IECESD保护的业界最低功耗容错收发器
- 第六章_其他字符串问题
- 怎样解决Java Web项目更改项目名后报错
- Alliance Memory
- CVE-2014-0199 CVE-2014-0200 CVE-2014-0201 POC
- 将整数字符串转换成整数输出(JAVA实现,不能用自带函数)
- 帮你分析电信宽带和长城宽带选择哪个好
- 余额宝业务架构 收藏备用
- JavaScript 插件的书页翻转效果
- 怎样解决MySQL数据库主从复制延迟的问题
- loaded some nib but the view outlet was not set
- CVE-2014-0246 POC
- iOS学习笔记