Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2012-3431
Last Modified: 27 Nov 2012 12:00:00
Published: 23 Nov 2012 03:55:02
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-3431

Summary

The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default, contrary to documentation and specification, which allows remote attackers to obtain login credentials via a man-in-the-middle (MITM) attack.

Vulnerable Systems

Application

  • Red Hat JBoss Enterprise Data Services Platform 5.1.0

  • Red Hat JBoss Enterprise Data Services Platform 5.2.0


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=843669

XF - teiid-jdbc-info-disc(78803)

BID - 55634

REDHAT - RHSA-2012:1301


Last Updated: 27 May 2016 10:58:30