JBoss Cache 'NonManagedConnectionFactory.java' Local Information Disclosure Vulnerability

Bugtraq ID:	51392
Class:	Unknown
CVE:	CVE-2012-0034
Remote:	No
Local:	Yes
Published:	Dec 30 2011 12:00AM
Updated:	Feb 01 2013 04:50PM
Credit:	Tom Fonteyne
Vulnerable:	Red Hat JBoss Enterprise Web Platform for RHEL 5 Server 5 Red Hat JBoss Enterprise Web Platform for RHEL 4ES 5 Red Hat JBoss Enterprise Web Platform for RHEL 4AS 5 Red Hat JBoss Enterprise BRMS Platform 5.1 Red Hat JBoss Enterprise Application Platform for RHEL 4ES 5 Red Hat JBoss Enterprise Application Platform for RHEL 4AS 5 JBoss Group JBoss Cache 3.2.8.GA
Not Vulnerable:	JBoss Group JBoss Cache 3.2.9.GA

JBoss Cache 'NonManagedConnectionFactory.java' Local Information Disclosure Vulnerability

JBoss Cache is prone to a local information-disclosure vulnerability.

Local attackers can exploit this issue to disclose sensitive information. Information obtained may lead to further attacks.

JBoss Cache 3.2.8.GA is vulnerable; other versions may also be affected.

JBoss Cache 'NonManagedConnectionFactory.java' Local Information Disclosure Vulnerability

Local attackers can use standard tools to exploit this issue.

JBoss Cache 'NonManagedConnectionFactory.java' Local Information Disclosure Vulnerability

Solution:
Updates are available. Please see the references for more information.

JBoss Cache 'NonManagedConnectionFactory.java' Local Information Disclosure Vulnerability

References:

• JBoss Cache Homepage (JBoss Group)
  
• JBoss Cache NonManagedConnectionFactory will log the password in clear text when (JBoss Group)