2.1 CVE-2012-0034

The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file.
https://nvd.nist.gov/vuln/detail/CVE-2012-0034

References

BID

51392

CONFIRM

https://issues.jboss.org/browse/JBCACHE-1612

MISC

https://bugzilla.redhat.com/show_bug.cgi?id=772835

OSVDB

78259

REDHAT

RHSA-2012:0108 Vendor Advisory
RHSA-2012:1072
RHSA-2013:0191
RHSA-2013:0192 Vendor Advisory
RHSA-2013:0193
RHSA-2013:0195 Vendor Advisory
RHSA-2013:0196 Vendor Advisory
RHSA-2013:0197 Vendor Advisory
RHSA-2013:0221
RHSA-2013:0533

SECUNIA

51984 Vendor Advisory
52054 Vendor Advisory

CPE

cpe	start	end
Configuration 1
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.2:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:::::::*
Configuration 2
cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.2:::::::*
cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:::::::*
Configuration 3
cpe:2.3:a:redhat:jboss_enterprise_brms_platform::::::::		<= 5.3.0

Exploits

Exploit-db.com

id	description	date
No known exploits

Other (github, ...)

Url
No known exploits

CAPEC

id	description	severity
No entry

Sherlock® flash

Take a picture of your computer network in a few clicks !

The Sherlock® flash audit solution allows you to perform an audit to strengthen the security of your IT assets. Vulnerability analysis of your physical and virtual equipment. Patch planning by priority level and time available. Detailed and intuitive reporting.

Discover this offer

Sherlock® flash: 1st instant cybersecurity audit solution