CVE-2012-0034 - OpenCVE

The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Jboss Enterprise Application Platform Jboss Enterprise Web Platform Jboss Enterprise Brms Platform

Configuration 1 [-]

OR	cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.2:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.2:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:::::::*

Configuration 3 [-]

cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2012-0108.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-1072.html
http://rhn.redhat.com/errata/RHSA-2013-0191.html
http://rhn.redhat.com/errata/RHSA-2013-0192.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0193.html
http://rhn.redhat.com/errata/RHSA-2013-0195.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0196.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0197.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0221.html
http://rhn.redhat.com/errata/RHSA-2013-0533.html
http://secunia.com/advisories/51984	Vendor Advisory
http://secunia.com/advisories/52054	Vendor Advisory
http://www.osvdb.org/78259
http://www.securityfocus.com/bid/51392
https://bugzilla.redhat.com/show_bug.cgi?id=772835
https://issues.jboss.org/browse/JBCACHE-1612

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2013-02-05T23:11:00

Updated: 2015-01-13T17:57:00

Reserved: 2011-12-07T00:00:00

Link: CVE-2012-0034

JSON object: View

NVD Information

Status : Modified

Published: 2013-02-05T23:55:01.287

Modified: 2015-01-18T02:59:07.413

Link: CVE-2012-0034

JSON object: View

Redhat Information

No data.

CWE

CWE-255

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-02-10T00:00:00", "descriptions": [{"lang": "en", "value": "The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-01-13T17:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "78259", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/78259"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=772835"}, {"name": "RHSA-2013:0192", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html"}, {"name": "RHSA-2013:0195", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html"}, {"name": "RHSA-2013:0221", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html"}, {"name": "RHSA-2013:0196", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.jboss.org/browse/JBCACHE-1612"}, {"name": "51392", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/51392"}, {"name": "RHSA-2012:1072", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1072.html"}, {"name": "RHSA-2013:0193", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html"}, {"name": "RHSA-2012:0108", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0108.html"}, {"name": "51984", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51984"}, {"name": "52054", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/52054"}, {"name": "RHSA-2013:0191", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html"}, {"name": "RHSA-2013:0533", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0533.html"}, {"name": "RHSA-2013:0197", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0197.html"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-0034", "datePublished": "2013-02-05T23:11:00", "dateReserved": "2011-12-07T00:00:00", "dateUpdated": "2015-01-13T17:57:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "8A785F07-9B76-4153-B676-29C9682B2F73", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "46849C8D-36E9-4E97-BB49-E04F4EB199E6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4C534793-58E0-45B9-84D7-D21E1C4C9F7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "38F66D5B-F906-437E-977E-F9F930648886", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "57FBD0FE-A84D-4707-A2DA-CB9F4920CBA8", "versionEndIncluding": "5.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file."}, {"lang": "es", "value": "El NonManagedConnectionFactory en JBoss Enterprise Application Platform (EAP) v5.1.2 y v5.2.0, Web Platform (EWP) v5.1.2 y v5.2.0, y BRMS Platform anterior a v5.3.1 guarda el nombre de usuario y el password en texto plano cuando una excepci\u00f3n es lanzada, lo que permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de un fichero de log."}], "evaluatorComment": "Per http://rhn.redhat.com/errata/RHSA-2013-0192.html \"This JBoss Enterprise Application Platform 5.2.0 release serves as a replacement for JBoss Enterprise Application Platform 5.1.2, and includes bug fixes and enhancements.\" Per http://rhn.redhat.com/errata/RHSA-2013-0196.html \"This JBoss Enterprise Web Platform 5.2.0 release serves as a replacement for JBoss Enterprise Web Platform 5.1.2, and includes bug fixes and enhancements.\"", "id": "CVE-2012-0034", "lastModified": "2015-01-18T02:59:07.413", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-02-05T23:55:01.287", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0108.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-1072.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0197.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0533.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/51984"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/52054"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/78259"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/51392"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=772835"}, {"source": "secalert@redhat.com", "url": "https://issues.jboss.org/browse/JBCACHE-1612"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}