Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 2.1
CVE Id: CVE-2012-0034
Last Modified: 17 Jan 2015 09:59:07
Published: 05 Feb 2013 06:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2012-0034

Summary

The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file.

Vulnerable Systems

Application

  • Red Hat JBoss Enterprise Application Platform 5.1.2

  • Red Hat JBoss Enterprise Application Platform 5.2.0

  • Red Hat JBoss Enterprise BRMS Platform 5.3.0

  • Red Hat JBoss Enterprise Web Platform 5.1.2

  • Red Hat JBoss Enterprise Web Platform 5.2.0


References

CONFIRM - https://issues.jboss.org/browse/JBCACHE-1612

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=772835

BID - 51392

OSVDB - 78259

SECUNIA - 52054

SECUNIA - 51984

REDHAT - RHSA-2013:0221

REDHAT - RHSA-2013:0197

REDHAT - RHSA-2013:0196

REDHAT - RHSA-2013:0195

REDHAT - RHSA-2013:0193

REDHAT - RHSA-2013:0192

REDHAT - RHSA-2013:0191

REDHAT - RHSA-2012:1072

REDHAT - RHSA-2012:0108

REDHAT - RHSA-2013:0533


Last Updated: 27 May 2016 11:01:48