CVE-2012-1100 - OpenCVE

Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login to LDAP-based accounts via an arbitrary password in a login request.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Jboss Operations Network

Configuration 1 [-]

OR	cpe:2.3:a:redhat:jboss_operations_network::::::::
	cpe:2.3:a:redhat:jboss_operations_network:2.0.0:::::::*
	cpe:2.3:a:redhat:jboss_operations_network:2.0.1:::::::*
	cpe:2.3:a:redhat:jboss_operations_network:2.1.0:::::::*
	cpe:2.3:a:redhat:jboss_operations_network:2.2:::::::*
	cpe:2.3:a:redhat:jboss_operations_network:2.3:::::::*
	cpe:2.3:a:redhat:jboss_operations_network:2.3.1:::::::*
	cpe:2.3:a:redhat:jboss_operations_network:2.4:::::::*
	cpe:2.3:a:redhat:jboss_operations_network:3.0:::::::*

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2012-0396.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-0406.html	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=799789

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2014-02-14T15:00:00

Updated: 2014-02-14T14:57:01

Reserved: 2012-02-14T00:00:00

Link: CVE-2012-1100

JSON object: View

NVD Information

Status : Analyzed

Published: 2014-02-14T15:55:04.813

Modified: 2014-02-14T19:19:22.383

Link: CVE-2012-1100

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_operations_network:*:*:*:*:*:*:*:*", "matchCriteriaId": "87E50BCC-4B27-43F7-8AB3-EC27297C4B2C", "versionEndIncluding": "2.4.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D29DC3CE-E782-47F7-BDF4-4AB63728F05B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF4A10F6-2128-4986-8A28-BD9B679D8380", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B720DED-23EE-4830-9C8B-441A38DAE80E", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0FD44168-A91A-4043-8C34-7A20DC2C1A19", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "66926B59-4A4F-47B9-9B2B-3D8DC698BC97", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D72DFB62-EEA6-4126-9DC3-B191CC8D0CA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "B8DBE132-2A98-40C6-947F-50C1D06DDFB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "C077D692-150C-4AE9-8C0B-7A3EA5EB1100", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login to LDAP-based accounts via an arbitrary password in a login request."}, {"lang": "es", "value": "Red Hat JBoss Operations Network (JON) 3.0.x anterior a 3.0.1, 2.4.2 y anteriores, cuando la autenticaci\u00f3n LDAP est\u00e1 habilitada y las credenciales de la cuenta LDAP bind no son v\u00e1lidos, permite a atacantes remotos iniciar una sesi\u00f3n en cuentas basadas en LDAP a trav\u00e9s de una contrase\u00f1a arbitraria en una solicitud de inicio de sesi\u00f3n."}], "id": "CVE-2012-1100", "lastModified": "2014-02-14T19:19:22.383", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-02-14T15:55:04.813", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0396.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0406.html"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=799789"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}