Detections
Analytics

CVE-2012-0034

medium

Description

The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file.

References

https://issues.jboss.org/browse/JBCACHE-1612

https://bugzilla.redhat.com/show_bug.cgi?id=772835

http://www.securityfocus.com/bid/51392

http://www.osvdb.org/78259

http://secunia.com/advisories/52054

http://secunia.com/advisories/51984

http://rhn.redhat.com/errata/RHSA-2013-0533.html

http://rhn.redhat.com/errata/RHSA-2013-0221.html

http://rhn.redhat.com/errata/RHSA-2013-0197.html

http://rhn.redhat.com/errata/RHSA-2013-0196.html

http://rhn.redhat.com/errata/RHSA-2013-0195.html

http://rhn.redhat.com/errata/RHSA-2013-0193.html

http://rhn.redhat.com/errata/RHSA-2013-0192.html

http://rhn.redhat.com/errata/RHSA-2013-0191.html

http://rhn.redhat.com/errata/RHSA-2012-1072.html

http://rhn.redhat.com/errata/RHSA-2012-0108.html

Details

Source: Mitre, NVD

Published: 2013-02-05

Updated: 2015-01-18

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 4

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Medium