CVE-2013-3734

CWE-255 | 4 documents | 4 sources
Severity: 6.6 MEDIUM
EPSS: 0.8% (top 26.34%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 24 | Latest update May 17

Description

The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive information by leveraging failure to use SSL or (2) attackers to obtain sensitive information by reading the HTML source code. NOTE: the vendor says that this does not cross a trust boundary and that it is recommended best practice that SSL is configured for the administrative console.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.7 | Impact: 5.9

Affected Packages: 1 package

🔴 Vulnerability Details (2)

GHSA (2022-05-17)
GHSA-c8xf-g2jm-5g5w: ** DISPUTED ** The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which

CVEList (2017-10-24)
CVE-2013-3734: The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1

💬 Community (1)

Bugzilla (2013-06-07)
CVE-2013-3734 Embedded Jopr: Datasource password visible to administrator