Apr 17, 2014 - 2:55 p.m.

CVE-2014-0085

2014-04-17 14:55:06
CWE-255
web.nvd.nist.gov
cve-2014-0085
jboss fuse
apache zookeeper
sensitive information disclosure
encrypted passwords

CVSS2: 2.1 Low
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score: 4.9 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 5.1%)

JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.

Affected configurations

NVD
Node
redhat jboss_a-mq Match 6.0.0
OR
redhat jboss_fuse Match 6.0.0
