Lucene search

[email protected]CVE-2012-3428

HistoryDec 20, 2012 - 12:02 p.m.

CVE-2012-3428

2012-12-2012:02:17

CWE-255

[email protected]

web.nvd.nist.gov

cve-2012-3428

ironjacamar

jboss application server

security vulnerability

remote attack

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.5%

JSON

The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource connection in opportunistic circumstances via an invalid connection attempt.

Affected configurations

NVD

Node

jbossironjacamarRange≤1.0.11

CPENameOperatorVersion
jboss:ironjacamarjboss ironjacamarle1.0.11

CPE	Name	Operator	Version
jboss:ironjacamar	jboss ironjacamar	le	1.0.11

References

rhn.redhat.com/errata/RHSA-2012-1591.html

rhn.redhat.com/errata/RHSA-2012-1592.html

rhn.redhat.com/errata/RHSA-2012-1594.html

secunia.com/advisories/51607

bugzilla.redhat.com/show_bug.cgi?id=843358

issues.jboss.org/browse/JBJCA-864

issues.jboss.org/browse/JBPAPP-9584

issues.jboss.org/secure/ReleaseNote.jspa?projectId=12310691&version=12319522

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.5%

JSON

Related for CVE-2012-3428

github1 prion1 veracode5 cvelist1 osv1 nvd1 nessus2 redhat3