Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2012-5629
Last Modified 17 Jan 2015 09:59:15
Published 12 Mar 2013 07:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-5629

Summary

The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allows remote attackers to bypass authentication via an empty password.

Vulnerable Systems

Application

  • Red Hat JBoss Enterprise Application Platform 4.3.0

  • Red Hat JBoss Enterprise Application Platform 5.2.0

  • Red Hat JBoss Enterprise Application Platform 6.0.1

  • Red Hat JBoss Enterprise Web Platform 5.2.0


References

REDHAT - RHSA-2013:0248

REDHAT - RHSA-2013:0234

REDHAT - RHSA-2013:0233

REDHAT - RHSA-2013:0232

REDHAT - RHSA-2013:0231

REDHAT - RHSA-2013:0230

REDHAT - RHSA-2013:0229

MISC - http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569

REDHAT - RHSA-2013:0586

REDHAT - RHSA-2013:0533


Last Updated: 27 May 2016 11:02:02