Privilege Escalation

An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...

CVE-2012-0034

The CVE affects JBoss components where NonManagedConnectionFactory logs the username and password in cleartext during exception handling, risking local disclosure of credentials for EAP 5.1.2/5.2.0, EWP 5.1.2/5.2.0, and BRMS Platform before 5.3.1. Impact is limited to local confidentiality exposu...

CVE-2012-0034

The NonManagedConnectionFactory in JBoss Enterprise Application Platform EAP 5.1.2 and 5.2.0, Web Platform EWP 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by readi...

Low: Red Hat Security Advisory: jbosscache security update

An update for JBoss Enterprise Web Platform 5.1.2 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

JBoss Cache 'NonManagedConnectionFactory.java'本地信息泄露漏洞

Bugtraq ID: 51392 CVE ID：CVE-2012-0034 JBoss Cache是针对Java应用的企业级集群解决方案，其目的是通过缓存需要频繁访问的Java对象，提高应用的可用性并大幅度提升应用的整体性能。 JBoss Cache存在安全漏洞，允许本地用户获得敏感信息。 当连接失败时，"getConnection"函数jboss/cache/loader/NonManagedConnectionFactory.java会把用户名和密码记录到日志文件中，本地攻击者可以访问日志信息获得敏感验证信息。 0 JBoss Cache 3.2.8.GA 厂商解决方案...