Description

The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file.

Remediation

References

CVE-2012-0034

Related Vulnerabilities

Jetty Other Vulnerability (CVE-2020-27216)

PHP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2007-4663)

WordPress Plugin Freetobook review widget Unspecified Vulnerability (1.0)

WebLogic CVE-2022-21453 Vulnerability (CVE-2022-21453)

Drupal Improper Removal of Sensitive Information Before Storage or Transfer Vulnerability (CVE-2022-31043)

Severity

Low

Classification

CVE-2012-0034

Tags

Missing Update Known Vulnerabilities