CVE-2012-0034 : The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2

The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file.

Published 2013-02-05 23:55:01

Updated 2015-01-18 02:59:07

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2012-0034

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-0034

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2012-0034

CWE-255

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-0034

http://rhn.redhat.com/errata/RHSA-2013-0196.html

RHSA-2013:0196 - Security Advisory - Red Hat Customer Portal
Vendor Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2013-0197.html

Red Hat Customer Portal
Vendor Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2013-0191.html

RHSA-2013:0191 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2013-0193.html

Red Hat Customer Portal

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2013-0195.html

RHSA-2013:0195 - Security Advisory - Red Hat Customer Portal
Vendor Advisory

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=772835

772835 – (CVE-2012-0034) CVE-2012-0034 JBoss Cache: NonManagedConnectionFactory will log password in clear text when an exception occurs
http://rhn.redhat.com/errata/RHSA-2012-1072.html

Red Hat Customer Portal
https://issues.jboss.org/browse/JBCACHE-1612

[JBCACHE-1612] JBoss Cache NonManagedConnectionFactory will log the password in clear text when an exception occurs - JBoss Issue Tracker
http://rhn.redhat.com/errata/RHSA-2013-0533.html

RHSA-2013:0533 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2013-0192.html

RHSA-2013:0192 - Security Advisory - Red Hat Customer Portal
Vendor Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2013-0221.html

RHSA-2013:0221 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://www.securityfocus.com/bid/51392

JBoss Cache 'NonManagedConnectionFactory.java' Local Information Disclosure Vulnerability
http://rhn.redhat.com/errata/RHSA-2012-0108.html

RHSA-2012:0108 - Security Advisory - Red Hat Customer Portal
Vendor Advisory

Products affected by CVE-2012-0034

Redhat » Jboss Enterprise Application Platform » Version: 5.1.2
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.2:*:*:*:*:*:*:*
Matching versions
Redhat » Jboss Enterprise Application Platform » Version: 5.2.0
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*
Matching versions
Redhat » Jboss Enterprise Web Platform » Version: 5.2.0
cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*
Matching versions
Redhat » Jboss Enterprise Web Platform » Version: 5.1.2
cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.2:*:*:*:*:*:*:*
Matching versions
Redhat » Jboss Enterprise Brms Platform
Versions up to, including, (<=) 5.3.0
cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2012-0034

Exploit prediction scoring system (EPSS) score for CVE-2012-0034

CVSS scores for CVE-2012-0034

CWE ids for CVE-2012-0034

References for CVE-2012-0034

Products affected by CVE-2012-0034