{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-06-04T00:00:00", "descriptions": [{"lang": "en", "value": "Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-29T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "FEDORA-2015-8867", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159788.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://icedtea.classpath.org/hg/thermostat/rev/c2f18f81f57a"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2372"}, {"name": "RHSA-2015:1052", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1052.html"}, {"name": "75066", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/75066"}, {"name": "FEDORA-2015-8919", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159958.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:39:32.009Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2015-8867", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159788.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://icedtea.classpath.org/hg/thermostat/rev/c2f18f81f57a"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2372"}, {"name": "RHSA-2015:1052", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1052.html"}, {"name": "75066", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/75066"}, {"name": "FEDORA-2015-8919", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159958.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-3201", "datePublished": "2015-06-08T14:00:00", "dateReserved": "2015-04-10T00:00:00", "dateUpdated": "2024-08-06T05:39:32.009Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:thermostat:*:*:*:*:*:*:*:*", "matchCriteriaId": "A84E29F0-E116-4ADF-BCD4-3F5D7476030C", "versionEndIncluding": "1.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file."}, {"lang": "es", "value": "Thermostat anterior a 2.0.0 utiliza permisos de lectura universal para el fichero de configuraciones web.xml, lo que permite a usuarios locales obtener credenciales de usuario mediante la lectura del fichero."}], "id": "CVE-2015-3201", "lastModified": "2023-02-13T00:47:57.880", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-06-08T14:59:10.350", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2372"}, {"source": "secalert@redhat.com", "url": "http://icedtea.classpath.org/hg/thermostat/rev/c2f18f81f57a"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159788.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159958.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1052.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/75066"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Red Hat Thermostat Team.", "affected_release": [{"advisory": "RHSA-2015:1052", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "thermostat1-0:2.0-60.9.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2015-06-04T00:00:00Z"}, {"advisory": "RHSA-2015:1052", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "thermostat1-apache-commons-fileupload-0:1.3-60.7.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2015-06-04T00:00:00Z"}, {"advisory": "RHSA-2015:1052", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "thermostat1-jcommon-0:1.0.18-60.5.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2015-06-04T00:00:00Z"}, {"advisory": "RHSA-2015:1052", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "thermostat1-jfreechart-0:1.0.14-60.5.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2015-06-04T00:00:00Z"}, {"advisory": "RHSA-2015:1052", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "thermostat1-jline2-0:2.10-60.6.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2015-06-04T00:00:00Z"}, {"advisory": "RHSA-2015:1052", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "thermostat1-netty-0:3.6.3-60.4.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2015-06-04T00:00:00Z"}, {"advisory": "RHSA-2015:1052", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "thermostat1-thermostat-0:1.2.0-60.10.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2015-06-04T00:00:00Z"}, {"advisory": "RHSA-2015:1052", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "thermostat1-0:2.0-60.9.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS", "release_date": "2015-06-04T00:00:00Z"}, {"advisory": "RHSA-2015:1052", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "thermostat1-apache-commons-fileupload-0:1.3-60.7.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS", "release_date": "2015-06-04T00:00:00Z"}, {"advisory": "RHSA-2015:1052", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "thermostat1-jcommon-0:1.0.18-60.5.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS", "release_date": "2015-06-04T00:00:00Z"}, {"advisory": "RHSA-2015:1052", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "thermostat1-jfreechart-0:1.0.14-60.5.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS", "release_date": "2015-06-04T00:00:00Z"}, {"advisory": "RHSA-2015:1052", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "thermostat1-jline2-0:2.10-60.6.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS", "release_date": "2015-06-04T00:00:00Z"}, {"advisory": "RHSA-2015:1052", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "thermostat1-netty-0:3.6.3-60.4.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS", "release_date": "2015-06-04T00:00:00Z"}, {"advisory": "RHSA-2015:1052", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "thermostat1-thermostat-0:1.2.0-60.10.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS", "release_date": "2015-06-04T00:00:00Z"}, {"advisory": "RHSA-2015:1052", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "thermostat1-0:2.0-60.9.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2015-06-04T00:00:00Z"}, {"advisory": "RHSA-2015:1052", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "thermostat1-apache-commons-fileupload-0:1.3-60.7.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2015-06-04T00:00:00Z"}, {"advisory": "RHSA-2015:1052", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "thermostat1-jcommon-0:1.0.18-60.5.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2015-06-04T00:00:00Z"}, {"advisory": "RHSA-2015:1052", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "thermostat1-jfreechart-0:1.0.14-60.5.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2015-06-04T00:00:00Z"}, {"advisory": "RHSA-2015:1052", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "thermostat1-jline2-0:2.10-60.6.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2015-06-04T00:00:00Z"}, {"advisory": "RHSA-2015:1052", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "thermostat1-netty-0:3.6.3-60.4.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2015-06-04T00:00:00Z"}, {"advisory": "RHSA-2015:1052", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "thermostat1-thermostat-0:1.2.0-60.10.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2015-06-04T00:00:00Z"}, {"advisory": "RHSA-2015:1052", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "thermostat1-0:2.0-70.9.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2015-06-04T00:00:00Z"}, {"advisory": "RHSA-2015:1052", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "thermostat1-apache-commons-fileupload-0:1.3-70.3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2015-06-04T00:00:00Z"}, {"advisory": "RHSA-2015:1052", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "thermostat1-jcommon-0:1.0.18-70.5.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2015-06-04T00:00:00Z"}, {"advisory": "RHSA-2015:1052", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "thermostat1-jfreechart-0:1.0.14-70.4.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2015-06-04T00:00:00Z"}, {"advisory": "RHSA-2015:1052", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "thermostat1-jline2-0:2.10-70.3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2015-06-04T00:00:00Z"}, {"advisory": "RHSA-2015:1052", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "thermostat1-netty-0:3.6.3-70.4.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2015-06-04T00:00:00Z"}, {"advisory": "RHSA-2015:1052", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "thermostat1-thermostat-0:1.2.0-70.12.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2015-06-04T00:00:00Z"}], "bugzilla": {"description": "thermostat: world-readable configuration file containing credentials", "id": "1221989", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221989"}, "csaw": false, "cvss": {"cvss_base_score": "2.1", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "status": "verified"}, "cwe": "(CWE-732|CWE-522)", "details": ["Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file.", "It was discovered that the Thermostat web application stored database authentication credentials in a world-readable configuration file. A local user on a system running the Thermostat web application could use this flaw to access and modify monitored JVM data, or perform actions on connected JVMs."], "name": "CVE-2015-3201", "package_state": [{"cpe": "cpe:/a:redhat:rhel_software_collections:1", "fix_state": "Affected", "package_name": "thermostat1-thermostat", "product_name": "Red Hat Software Collections"}], "public_date": "2015-05-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-3201\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3201"], "threat_severity": "Moderate"}