Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2012-3431

Опубликовано: 19 июл. 2012
Источник: redhat
CVSS2: 3.3
EPSS Низкий

Описание

The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and specification, which allows remote attackers to obtain login credentials via a man-in-the-middle (MITM) attack.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat JBoss SOA Platform 5EDSAffected
JBoss Enterprise Data Services Platform 5.3FixedRHSA-2012:130120.09.2012

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=843669Teiid: JDBC socket does not encrypt client login messages by default

EPSS

Процентиль: 56%
0.00343
Низкий

3.3 Low

CVSS2

Связанные уязвимости

nvd логотип

CVE-2012-3431

nvd
около 13 лет назад

The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and specification, which allows remote attackers to obtain login credentials via a man-in-the-middle (MITM) attack.

github логотип

GHSA-qg78-xgfv-hmc9

github
больше 3 лет назад

The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and specification, which allows remote attackers to obtain login credentials via a man-in-the-middle (MITM) attack.

EPSS

Процентиль: 56%
0.00343
Низкий

3.3 Low

CVSS2