Lucene search

K
redhatRedHatRHSA-2012:0108
HistoryFeb 10, 2012 - 12:05 a.m.

(RHSA-2012:0108) Low: jbosscache security update

2012-02-1000:05:56
access.redhat.com
6

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

8.1%

JBoss Cache is the clustering backbone for data distribution in JBoss
Enterprise Application Platform. It provides the backing implementation
for web session replication, stateful session bean replication and entity
caching.

It was found that NonManagedConnectionFactory would log the username and
password in plain text when an exception was thrown. This could lead to the
exposure of authentication credentials if local users had permissions to
read the log file. (CVE-2012-0034)

Warning: Before applying this update, back up your existing JBoss
Enterprise Application Platform’s
“jboss-as/server/[PROFILE]/lib/jbosscache-core.jar” file.

All users of JBoss Enterprise Application Platform 5.1.2 as provided from
the Red Hat Customer Portal are advised to install this update. Refer to
the Solution section for installation information.

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

8.1%

Related for RHSA-2012:0108