NVD

Id
46739  
Name
CVE-2012-5629  
Description
The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2013-03-12  
Modified Date
2015-01-17  
Seq
2012-5629  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
234134 46739 CVE-2012-5629 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569  View
234135 46739 CVE-2012-5629 RHSA-2013:0229  View
234136 46739 CVE-2012-5629 RHSA-2013:0230  View
234137 46739 CVE-2012-5629 RHSA-2013:0231  View
234138 46739 CVE-2012-5629 RHSA-2013:0232  View
234139 46739 CVE-2012-5629 RHSA-2013:0233  View
234140 46739 CVE-2012-5629 RHSA-2013:0234  View
234141 46739 CVE-2012-5629 RHSA-2013:0248  View
234142 46739 CVE-2012-5629 RHSA-2013:0533  View
234143 46739 CVE-2012-5629 RHSA-2013:0586  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
20270 JVNDB-2013-001845 JBoss EAP および EWP における認証を回避される脆弱性 JBoss Enterprise Application Platform (EAP) および Enterprise Web Platform (EWP) の、(1) LdapLoginModule および (2) LdapExtLoginModule モジュールのデフォルト設定には、認証を回避される脆弱性が存在します。 CVE-2012-5629 58867 CVE-2012-5629 46739 7.5 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001845.html 2013-02-04 2013-03-18 View