WEB APPLICATION VULNERABILITIES Standard & Premium

Jboss EAP Credentials Management Errors Vulnerability (CVE-2012-0034)

Description

The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file.

Remediation

References

Related Vulnerabilities

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2017-5660)

WordPress Plugin Display Widgets Cross-Site Scripting (2.03)

WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.20)

WordPress Plugin Email newsletter Cross-Site Scripting (20.13.6)

MODX Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-26149)

Severity

Low

Classification

CVE-2012-0034

Tags

Missing Update Known Vulnerabilities