CVE-2012-0034

Published Feb 5, 2013

Last updated 3 months ago

CVSS info 2.1

Overview

Description: The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-255

Hype score: Not currently trending

Evaluator

Comment: Per http://rhn.redhat.com/errata/RHSA-2013-0192.html "This JBoss Enterprise Application Platform 5.2.0 release serves as a replacement for JBoss Enterprise Application Platform 5.1.2, and includes bug fixes and enhancements." Per http://rhn.redhat.com/errata/RHSA-2013-0196.html "This JBoss Enterprise Web Platform 5.2.0 release serves as a replacement for JBoss Enterprise Web Platform 5.1.2, and includes bug fixes and enhancements."
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A785F07-9B76-4153-B676-29C9682B2F73"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46849C8D-36E9-4E97-BB49-E04F4EB199E6"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C534793-58E0-45B9-84D7-D21E1C4C9F7B"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38F66D5B-F906-437E-977E-F9F930648886"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57FBD0FE-A84D-4707-A2DA-CB9F4920CBA8",
            "versionEndIncluding": "5.3.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References