CVE-2012-0034 in JBossinfo

Summary

The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

ID	Vulnerability	CWE	Exp	Cou	CVE
4547	Red Hat JBoss Cache NonManagedConnectionFactory.java getConnection credentials management	255	Not defined	Official fix	CVE-2012-0034

Reservation

12/07/2011

Disclosure

02/05/2013

Status

Confirmed

Entries

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-0034
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-0034
CVE Details	https://www.cvedetails.com/cve/CVE-2012-0034/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!