{"api_version":"1","generated_at":"2026-04-26T02:31:16+00:00","cve":"CVE-2012-0034","urls":{"html":"https://cve.report/CVE-2012-0034","api":"https://cve.report/api/cve/CVE-2012-0034.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2012-0034","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2012-0034"},"summary":{"title":"CVE-2012-0034","description":"The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2013-02-05 23:55:00","updated_at":"2015-01-18 02:59:00"},"problem_types":["CWE-255"],"metrics":[],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2013-0533.html","name":"RHSA-2013:0533","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://issues.jboss.org/browse/JBCACHE-1612","name":"https://issues.jboss.org/browse/JBCACHE-1612","refsource":"CONFIRM","tags":[],"title":"[JBCACHE-1612] JBoss Cache NonManagedConnectionFactory will log the password in clear text when an exception occurs - Red Hat Issue Tracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1072.html","name":"RHSA-2012:1072","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-0108.html","name":"RHSA-2012:0108","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0193.html","name":"RHSA-2013:0193","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0196.html","name":"RHSA-2013:0196","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0191.html","name":"RHSA-2013:0191","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=772835","name":"https://bugzilla.redhat.com/show_bug.cgi?id=772835","refsource":"MISC","tags":[],"title":"772835 – (CVE-2012-0034) CVE-2012-0034 JBoss Cache: NonManagedConnectionFactory will log password in clear text when an exception occurs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0192.html","name":"RHSA-2013:0192","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0221.html","name":"RHSA-2013:0221","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0195.html","name":"RHSA-2013:0195","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.osvdb.org/78259","name":"78259","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://secunia.com/advisories/51984","name":"51984","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Security Advisory SA51984 - Red Hat update for JBoss Enterprise Application Platform and JBoss Enterprise Web Platform - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/52054","name":"52054","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Security Advisory SA52054 - Red Hat update for JBoss Enterprise BRMS Platform - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/51392","name":"51392","refsource":"BID","tags":[],"title":"JBoss Cache 'NonManagedConnectionFactory.java' Local Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0197.html","name":"RHSA-2013:0197","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2012-0034","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-0034","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2012","cve_id":"34","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_application_platform","cpe6":"5.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"34","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_application_platform","cpe6":"5.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"34","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_application_platform","cpe6":"5.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"34","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_application_platform","cpe6":"5.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"34","vulnerable":"1","versionEndIncluding":"5.3.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_brms_platform","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"34","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_web_platform","cpe6":"5.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"34","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_web_platform","cpe6":"5.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"34","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_web_platform","cpe6":"5.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"34","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_web_platform","cpe6":"5.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2012-0034","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_affected":"=","version_value":"n/a"}]}}]}}]}},"references":{"reference_data":[{"url":"http://rhn.redhat.com/errata/RHSA-2013-0191.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0191.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0192.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0192.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0193.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0193.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0195.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0195.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0196.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0196.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0197.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0197.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0221.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0221.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0533.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0533.html"},{"url":"http://secunia.com/advisories/51984","refsource":"MISC","name":"http://secunia.com/advisories/51984"},{"url":"http://secunia.com/advisories/52054","refsource":"MISC","name":"http://secunia.com/advisories/52054"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-0108.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2012-0108.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1072.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2012-1072.html"},{"url":"http://www.osvdb.org/78259","refsource":"MISC","name":"http://www.osvdb.org/78259"},{"url":"http://www.securityfocus.com/bid/51392","refsource":"MISC","name":"http://www.securityfocus.com/bid/51392"},{"url":"https://issues.jboss.org/browse/JBCACHE-1612","refsource":"MISC","name":"https://issues.jboss.org/browse/JBCACHE-1612"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=772835","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=772835"}]}},"nvd":{"publishedDate":"2013-02-05 23:55:00","lastModifiedDate":"2015-01-18 02:59:00","problem_types":["CWE-255"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.2:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*","versionEndIncluding":"5.3.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2012","CveId":"34","Ordinal":"52245","Title":"CVE-2012-0034","CVE":"CVE-2012-0034","Year":"2012"},"notes":[{"CveYear":"2012","CveId":"34","Ordinal":"1","NoteData":"The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file.","Type":"Description","Title":null},{"CveYear":"2012","CveId":"34","Ordinal":"2","NoteData":"2013-02-05","Type":"Other","Title":"Published"},{"CveYear":"2012","CveId":"34","Ordinal":"3","NoteData":"2015-01-13","Type":"Other","Title":"Modified"}]}}}