CVE-2012-0034

{"id": "CVE-2012-0034", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-02-05T23:55:01.287", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2012-0108.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1072.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0197.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0533.html", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/51984", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/52054", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.osvdb.org/78259", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/51392", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=772835", "source": "secalert@redhat.com"}, {"url": "https://issues.jboss.org/browse/JBCACHE-1612", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file."}, {"lang": "es", "value": "El NonManagedConnectionFactory en JBoss Enterprise Application Platform (EAP) v5.1.2 y v5.2.0, Web Platform (EWP) v5.1.2 y v5.2.0, y BRMS Platform anterior a v5.3.1 guarda el nombre de usuario y el password en texto plano cuando una excepci\u00f3n es lanzada, lo que permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de un fichero de log."}], "lastModified": "2015-01-18T02:59:07.413", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A785F07-9B76-4153-B676-29C9682B2F73"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46849C8D-36E9-4E97-BB49-E04F4EB199E6"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C534793-58E0-45B9-84D7-D21E1C4C9F7B"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38F66D5B-F906-437E-977E-F9F930648886"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57FBD0FE-A84D-4707-A2DA-CB9F4920CBA8", "versionEndIncluding": "5.3.0"}], "operator": "OR"}]}], "evaluatorComment": "Per http://rhn.redhat.com/errata/RHSA-2013-0192.html \"This JBoss Enterprise Application Platform 5.2.0 release serves as a replacement for JBoss Enterprise Application Platform 5.1.2, and includes bug fixes and enhancements.\" Per http://rhn.redhat.com/errata/RHSA-2013-0196.html \"This JBoss Enterprise Web Platform 5.2.0 release serves as a replacement for JBoss Enterprise Web Platform 5.1.2, and includes bug fixes and enhancements.\"", "sourceIdentifier": "secalert@redhat.com"}