gsd-2012-5629
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2012-5629",
"description": "The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password.",
"id": "GSD-2012-5629",
"references": [
"https://access.redhat.com/errata/RHSA-2013:0665",
"https://access.redhat.com/errata/RHSA-2013:0586",
"https://access.redhat.com/errata/RHSA-2013:0533",
"https://access.redhat.com/errata/RHSA-2013:0249",
"https://access.redhat.com/errata/RHSA-2013:0248",
"https://access.redhat.com/errata/RHSA-2013:0234",
"https://access.redhat.com/errata/RHSA-2013:0233",
"https://access.redhat.com/errata/RHSA-2013:0232",
"https://access.redhat.com/errata/RHSA-2013:0231",
"https://access.redhat.com/errata/RHSA-2013:0230",
"https://access.redhat.com/errata/RHSA-2013:0229"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2012-5629"
],
"details": "The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password.",
"id": "GSD-2012-5629",
"modified": "2023-12-13T01:20:18.832763Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://rhn.redhat.com/errata/RHSA-2013-0533.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0533.html"
},
{
"name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569",
"refsource": "MISC",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2013-0229.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0229.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2013-0230.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0230.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2013-0231.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0231.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2013-0232.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0232.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2013-0233.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0233.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2013-0234.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0234.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2013-0248.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0248.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2013-0586.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0586.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5629"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:0229",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0229.html"
},
{
"name": "RHSA-2013:0230",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0230.html"
},
{
"name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569",
"refsource": "MISC",
"tags": [],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569"
},
{
"name": "RHSA-2013:0234",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0234.html"
},
{
"name": "RHSA-2013:0231",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0231.html"
},
{
"name": "RHSA-2013:0248",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0248.html"
},
{
"name": "RHSA-2013:0233",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0233.html"
},
{
"name": "RHSA-2013:0232",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0232.html"
},
{
"name": "RHSA-2013:0586",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0586.html"
},
{
"name": "RHSA-2013:0533",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0533.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2023-02-13T00:26Z",
"publishedDate": "2013-03-12T23:55Z"
}
}
}
Loading...