CVE-2012-5629

{"id": "CVE-2012-5629", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-03-12T23:55:01.380", "references": [{"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0229.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0230.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0231.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0232.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0233.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0234.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0248.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0533.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0586.html", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password."}, {"lang": "es", "value": "La configuraci\u00f3n por defecto de los m\u00f3dulos (1) LdapLoginModule y (2) LdapExtLoginModule en JBoss Enterprise Application Platform (EAP)v 4.3.0 CP10, v5.2.0 y v6.0.1 6.0.1, y Enterprise Web Platform (EWP) v5.2.0, permite a atacantes remotos la autenticaci\u00f3n sin contrase\u00f1a."}], "lastModified": "2023-02-13T00:26:57.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E82B2AD8-967D-4ABE-982B-87B9DE73F8D6"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46849C8D-36E9-4E97-BB49-E04F4EB199E6"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F94D102-60EA-4C47-9A39-DAE4704044DD"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38F66D5B-F906-437E-977E-F9F930648886"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}