Description

The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file.

Remediation

References

CVE-2012-0034

Related Vulnerabilities

WebLogic CVE-2021-2394 Vulnerability (CVE-2021-2394)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19799)

PostgreSQL Numeric Errors Vulnerability (CVE-2010-0442)

WordPress Plugin Flash Photo Gallery Cross-Site Scripting (0.7)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2008-3658)

Severity

Low

Classification

CVE-2012-0034

Tags

Missing Update Known Vulnerabilities