Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2012-3428

Опубликовано: 18 дек. 2012
Источник: redhat
CVSS2: 4.3
EPSS Низкий

Описание

The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource connection in opportunistic circumstances via an invalid connection attempt.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat JBoss Enterprise Web Server 1unknownUnder investigation
Red Hat JBoss Enterprise Application Platform 6.0FixedRHSA-2012:159418.12.2012
Red Hat JBoss Enterprise Application Platform 6 for RHEL 5antlr-eap6FixedRHSA-2012:159118.12.2012
Red Hat JBoss Enterprise Application Platform 6 for RHEL 5apache-commons-beanutilsFixedRHSA-2012:159118.12.2012
Red Hat JBoss Enterprise Application Platform 6 for RHEL 5apache-commons-cliFixedRHSA-2012:159118.12.2012
Red Hat JBoss Enterprise Application Platform 6 for RHEL 5apache-commons-codec-eap6FixedRHSA-2012:159118.12.2012
Red Hat JBoss Enterprise Application Platform 6 for RHEL 5apache-commons-collectionsFixedRHSA-2012:159118.12.2012
Red Hat JBoss Enterprise Application Platform 6 for RHEL 5apache-commons-collections-eap6FixedRHSA-2012:159118.12.2012
Red Hat JBoss Enterprise Application Platform 6 for RHEL 5apache-commons-configurationFixedRHSA-2012:159118.12.2012
Red Hat JBoss Enterprise Application Platform 6 for RHEL 5apache-commons-daemon-jsvc-eap6FixedRHSA-2012:159118.12.2012

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=843358JBoss: Datasource connection manager returns valid connection for wrong credentials when using security-domains

EPSS

Процентиль: 67%
0.00546
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

nvd логотип

CVE-2012-3428

nvd
около 13 лет назад

The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource connection in opportunistic circumstances via an invalid connection attempt.

debian логотип

CVE-2012-3428

debian
около 13 лет назад

The IronJacamar container before 1.0.12.Final for JBoss Application Se ...

github логотип

GHSA-ppg2-ww3w-hq84

github
больше 3 лет назад

User confusion in IronJacamar

EPSS

Процентиль: 67%
0.00546
Низкий

4.3 Medium

CVSS2