Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:30028
HistoryJan 18, 2012 - 12:00 a.m.

JBoss Cache 'NonManagedConnectionFactory.java'本地信息泄露漏洞

2012-01-1800:00:00
Root
www.seebug.org
19

0.0004 Low

EPSS

Percentile

8.6%

JSON

Bugtraq ID: 51392
CVE ID:CVE-2012-0034

JBoss Cache是针对Java应用的企业级集群解决方案,其目的是通过缓存需要频繁访问的Java对象,提高应用的可用性并大幅度提升应用的整体性能。
JBoss Cache存在安全漏洞,允许本地用户获得敏感信息。

当连接失败时,"getConnection()"函数(jboss/cache/loader/NonManagedConnectionFactory.java)会把用户名和密码记录到日志文件中,本地攻击者可以访问日志信息获得敏感验证信息。
0
JBoss Cache 3.2.8.GA
厂商解决方案

用户可参考如下供应商提供的安全公告获得补丁信息:
https://issues.jboss.org/browse/JBCACHE-1612

Related

redhat 7
prion 1
ubuntucve 1
cve 1
veracode 8
nessus 6
redhat
redhat
(RHSA-2012:0108) Low: jbosscache security update
2012-02-10 00:05:56
(RHSA-2013:0533) Important: JBoss Enterprise SOA Platform 5.3.1 update
2013-02-20 00:00:00
(RHSA-2013:0221) Important: JBoss Enterprise BRMS Platform 5.3.1 update
2013-01-31 00:00:00
prion
prion
Input validation
2013-02-05 23:55:00
ubuntucve
ubuntucve
CVE-2012-0034
2013-02-05 00:00:00
cve
cve
CVE-2012-0034
2013-02-05 23:55:00
veracode
veracode
Plaintext Weak Encryption
2019-05-02 04:46:04
Privilege Escalation
2019-05-02 04:46:55
Weak Authentication
2019-05-02 04:46:21
nessus
nessus
RHEL 5 : JBoss EWP (RHSA-2013:0196)
2014-11-08 00:00:00
RHEL 6 : JBoss EAP (RHSA-2013:0191)
2013-01-24 00:00:00
RHEL 5 : JBoss EAP (RHSA-2013:0192)
2013-01-24 00:00:00

0.0004 Low

EPSS

Percentile

8.6%

JSON
Related for SSV:30028
redhat7prion1ubuntucve1cve1veracode8nessus6