CVSS2
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
AI Score
Confidence: High
EPSS
Percentile: 15.7%
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
Vendor | Product | Version | CPE |
---|---|---|---|
apache | tomcat | 5.5.0 | cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:* |
apache | tomcat | 5.5.1 | cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:* |
apache | tomcat | 5.5.2 | cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:* |
apache | tomcat | 5.5.3 | cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:* |
apache | tomcat | 5.5.4 | cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:* |
apache | tomcat | 5.5.5 | cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:* |
apache | tomcat | 5.5.6 | cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:* |
apache | tomcat | 5.5.7 | cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:* |
apache | tomcat | 5.5.8 | cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:* |
apache | tomcat | 5.5.9 | cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:* |
lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
marc.info/?l=bugtraq&m=132215163318824&w=2
marc.info/?l=bugtraq&m=133469267822771&w=2
marc.info/?l=bugtraq&m=136485229118404&w=2
marc.info/?l=bugtraq&m=139344343412337&w=2
secunia.com/advisories/44981
secunia.com/advisories/48308
secunia.com/advisories/57126
securitytracker.com/id?1025712
support.apple.com/kb/HT5130
tomcat.apache.org/security-5.html
tomcat.apache.org/security-6.html
tomcat.apache.org/security-7.html
www.debian.org/security/2012/dsa-2401
www.mandriva.com/security/advisories?name=MDVSA-2011:156
www.osvdb.org/73429
www.redhat.com/support/errata/RHSA-2011-1845.html
www.securityfocus.com/bid/48456
bugzilla.redhat.com/show_bug.cgi?id=717013
exchange.xforce.ibmcloud.com/vulnerabilities/68238
lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14931
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19532