Vulnerability Details CVE-2012-5629
The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569
- http://rhn.redhat.com/errata/RHSA-2013-0229.html
- http://rhn.redhat.com/errata/RHSA-2013-0230.html
- http://rhn.redhat.com/errata/RHSA-2013-0231.html
- http://rhn.redhat.com/errata/RHSA-2013-0232.html
- http://rhn.redhat.com/errata/RHSA-2013-0233.html
- http://rhn.redhat.com/errata/RHSA-2013-0234.html
- http://rhn.redhat.com/errata/RHSA-2013-0248.html
- http://rhn.redhat.com/errata/RHSA-2013-0533.html
- http://rhn.redhat.com/errata/RHSA-2013-0586.html
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569
- http://rhn.redhat.com/errata/RHSA-2013-0229.html
- http://rhn.redhat.com/errata/RHSA-2013-0230.html
- http://rhn.redhat.com/errata/RHSA-2013-0231.html
- http://rhn.redhat.com/errata/RHSA-2013-0232.html
- http://rhn.redhat.com/errata/RHSA-2013-0233.html
- http://rhn.redhat.com/errata/RHSA-2013-0234.html
- http://rhn.redhat.com/errata/RHSA-2013-0248.html
- http://rhn.redhat.com/errata/RHSA-2013-0533.html
- http://rhn.redhat.com/errata/RHSA-2013-0586.html
Products affected by CVE-2012-5629
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.1
-
cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0