The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive information by leveraging failure to use SSL or (2) attackers to obtain sensitive information by reading the HTML source code. NOTE: the vendor says that this does not cross a trust boundary and that it is recommended best-practice that SSL is configured for the administrative console
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/60429 | Third Party Advisory VDB Entry |
https://bugzilla.redhat.com/show_bug.cgi?id=971637 | Issue Tracking Vendor Advisory |
https://www.halock.com/blog/cve-2013-3734-jboss-administration-console-password-returned-response/ | Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-10-24T15:00:00
Updated: 2017-10-24T14:57:02
Reserved: 2013-05-31T00:00:00
Link: CVE-2013-3734
JSON object: View
NVD Information
Status : Modified
Published: 2017-10-24T15:29:00.200
Modified: 2024-05-17T00:55:59.247
Link: CVE-2013-3734
JSON object: View
Redhat Information
No data.
CWE