Vulnerability Details : CVE-2012-5629
The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password.
Exploit prediction scoring system (EPSS) score for CVE-2012-5629
Probability of exploitation activity in the next 30 days: 1.35%
Percentile (the proportion of all scored vulnerabilities with an EPSS score at or below this one): ~85%
CVSS scores for CVE-2012-5629
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source
---|---|---|---|---|---
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST
CWE ids for CVE-2012-5629
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-5629
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569 - 885569 (CVE-2012-5629) JBoss: allows empty password to authenticate against LDAP
- http://rhn.redhat.com/errata/RHSA-2013-0230.html - RHSA-2013:0230 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-0234.html - RHSA-2013:0234 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-0533.html - RHSA-2013:0533 - Security Advisory - Red Hat Customer Portal
- http://rhn.redhat.com/errata/RHSA-2013-0248.html - RHSA-2013:0248 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-0232.html - RHSA-2013:0232 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-0586.html - RHSA-2013:0586 - Security Advisory - Red Hat Customer Portal
- http://rhn.redhat.com/errata/RHSA-2013-0231.html - RHSA-2013:0231 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-0229.html - RHSA-2013:0229 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-0233.html - RHSA-2013:0233 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
Products affected by CVE-2012-5629
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*