{"id": "CVE-2012-0034", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-02-05T23:55:01.287", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2012-0108.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1072.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0197.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0533.html", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/51984", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/52054", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.osvdb.org/78259", 
"source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/51392", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=772835", "source": "secalert@redhat.com"}, {"url": "https://issues.jboss.org/browse/JBCACHE-1612", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-0108.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1072.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0197.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0533.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/51984", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/52054", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/78259", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/51392", "source": 
"af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=772835", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://issues.jboss.org/browse/JBCACHE-1612", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file."}, {"lang": "es", "value": "El NonManagedConnectionFactory en JBoss Enterprise Application Platform (EAP) v5.1.2 y v5.2.0, Web Platform (EWP) v5.1.2 y v5.2.0, y BRMS Platform anterior a v5.3.1 guarda el nombre de usuario y el password en texto plano cuando una excepci\u00f3n es lanzada, lo que permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de un fichero de log."}], "lastModified": "2024-11-21T01:34:15.290", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A785F07-9B76-4153-B676-29C9682B2F73"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46849C8D-36E9-4E97-BB49-E04F4EB199E6"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C534793-58E0-45B9-84D7-D21E1C4C9F7B"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": 
"38F66D5B-F906-437E-977E-F9F930648886"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57FBD0FE-A84D-4707-A2DA-CB9F4920CBA8", "versionEndIncluding": "5.3.0"}], "operator": "OR"}]}], "evaluatorComment": "Per http://rhn.redhat.com/errata/RHSA-2013-0192.html \"This JBoss Enterprise Application Platform 5.2.0 release serves as a replacement for JBoss Enterprise Application Platform 5.1.2, and includes bug fixes and enhancements.\" Per http://rhn.redhat.com/errata/RHSA-2013-0196.html \"This JBoss Enterprise Web Platform 5.2.0 release serves as a replacement for JBoss Enterprise Web Platform 5.1.2, and includes bug fixes and enhancements.\"", "sourceIdentifier": "secalert@redhat.com"}