{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-02-04T00:00:00", "descriptions": [{"lang": "en", "value": "The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-01-13T17:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2013:0234", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0234.html"}, {"name": "RHSA-2013:0586", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0586.html"}, {"name": "RHSA-2013:0248", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0248.html"}, {"tags": ["x_refsource_MISC"], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569"}, {"name": "RHSA-2013:0229", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0229.html"}, {"name": "RHSA-2013:0230", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0230.html"}, {"name": "RHSA-2013:0232", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0232.html"}, {"name": "RHSA-2013:0533", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0533.html"}, {"name": "RHSA-2013:0231", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0231.html"}, {"name": "RHSA-2013:0233", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0233.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:14:15.932Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2013:0234", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0234.html"}, {"name": "RHSA-2013:0586", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0586.html"}, {"name": "RHSA-2013:0248", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0248.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569"}, {"name": "RHSA-2013:0229", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0229.html"}, {"name": "RHSA-2013:0230", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0230.html"}, {"name": "RHSA-2013:0232", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0232.html"}, {"name": "RHSA-2013:0533", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0533.html"}, {"name": "RHSA-2013:0231", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0231.html"}, {"name": "RHSA-2013:0233", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0233.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5629", "datePublished": "2013-03-12T22:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:14:15.932Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E82B2AD8-967D-4ABE-982B-87B9DE73F8D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "46849C8D-36E9-4E97-BB49-E04F4EB199E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6F94D102-60EA-4C47-9A39-DAE4704044DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "38F66D5B-F906-437E-977E-F9F930648886", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password."}, {"lang": "es", "value": "La configuraci\u00f3n por defecto de los m\u00f3dulos (1) LdapLoginModule y (2) LdapExtLoginModule en JBoss Enterprise Application Platform (EAP)v 4.3.0 CP10, v5.2.0 y v6.0.1 6.0.1, y Enterprise Web Platform (EWP) v5.2.0, permite a atacantes remotos la autenticaci\u00f3n sin contrase\u00f1a."}], "id": "CVE-2012-5629", "lastModified": "2024-11-21T01:45:00.287", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-03-12T23:55:01.380", "references": [{"source": "secalert@redhat.com", "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0229.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0230.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0231.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0232.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0233.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0234.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0248.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0533.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0586.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0229.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0230.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0231.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0232.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0233.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0234.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0248.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0533.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0586.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2013:0230", "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5::el5", "package": "jbosssx2-0:2.0.5-9.SP3_1_patch_01.ep5.el5", "product_name": "JBEWP 5 for RHEL 5", "release_date": "2013-02-04T00:00:00Z"}, {"advisory": "RHSA-2013:0230", "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5::el6", "package": "jbosssx2-0:2.0.5-9.1.SP3_1_patch_01.ep5.el6", "product_name": "JBEWP 5 for RHEL 6", "release_date": "2013-02-04T00:00:00Z"}, {"advisory": "RHSA-2013:0665", "cpe": "cpe:/a:redhat:jboss_data_grid:6.1.0", "product_name": "JBoss Data Grid 6.1", "release_date": "2013-03-20T00:00:00Z"}, {"advisory": "RHSA-2013:0586", "cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:5.3.1", "product_name": "JBoss Enterprise BRMS Platform 5.3", "release_date": "2013-03-04T00:00:00Z"}, {"advisory": "RHSA-2013:0248", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:update10", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3", "release_date": "2013-02-11T00:00:00Z"}, {"advisory": "RHSA-2013:0249", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossas-0:4.3.0-12.GA_CP10_patch_01.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2013-02-11T00:00:00Z"}, {"advisory": "RHSA-2013:0249", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossas-0:4.3.0-12.GA_CP10_patch_01.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2013-02-11T00:00:00Z"}, {"advisory": "RHSA-2013:0232", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5.2.0", "product_name": "Red Hat JBoss Enterprise Application Platform 5.2", "release_date": "2013-02-04T00:00:00Z"}, {"advisory": "RHSA-2013:0229", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el4", "package": "jbosssx2-0:2.0.5-9.SP3_1_patch_01.ep5.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4", "release_date": "2013-02-04T00:00:00Z"}, {"advisory": "RHSA-2013:0229", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el5", "package": "jbosssx2-0:2.0.5-9.SP3_1_patch_01.ep5.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5", "release_date": "2013-02-04T00:00:00Z"}, {"advisory": "RHSA-2013:0229", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el6", "package": "jbosssx2-0:2.0.5-9.1.SP3_1_patch_01.ep5.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6", "release_date": "2013-02-04T00:00:00Z"}, {"advisory": "RHSA-2013:0234", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.0.1", "product_name": "Red Hat JBoss Enterprise Application Platform 6.0", "release_date": "2013-02-04T00:00:00Z"}, {"advisory": "RHSA-2013:0231", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-domain-management-0:7.1.3-5.Final_redhat_5.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date": "2013-02-04T00:00:00Z"}, {"advisory": "RHSA-2013:0231", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "picketbox-0:4.0.14-3.Final_redhat_3.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date": "2013-02-04T00:00:00Z"}, {"advisory": "RHSA-2013:0231", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-domain-management-0:7.1.3-5.Final_redhat_5.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date": "2013-02-04T00:00:00Z"}, {"advisory": "RHSA-2013:0231", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "picketbox-0:4.0.14-3.Final_redhat_3.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date": "2013-02-04T00:00:00Z"}, {"advisory": "RHSA-2013:0586", "cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:4.3.0:update7", "product_name": "Red Hat JBoss Portal 4.3", "release_date": "2013-03-04T00:00:00Z"}, {"advisory": "RHSA-2013:0586", "cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:5.2.2", "product_name": "Red Hat JBoss Portal 5.2", "release_date": "2013-03-04T00:00:00Z"}, {"advisory": "RHSA-2013:0586", "cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:4.2.0:update5", "product_name": "Red Hat JBoss SOA Platform 4.2", "release_date": "2013-03-04T00:00:00Z"}, {"advisory": "RHSA-2013:0586", "cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:4.3.0:update5", "product_name": "Red Hat JBoss SOA Platform 4.3", "release_date": "2013-03-04T00:00:00Z"}, {"advisory": "RHSA-2013:0533", "cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:5.3", "product_name": "Red Hat JBoss SOA Platform 5.3", "release_date": "2013-02-20T00:00:00Z"}, {"advisory": "RHSA-2013:0586", "cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:5.3.1", "product_name": "Red Hat JBoss SOA Platform 5.3", "release_date": "2013-03-04T00:00:00Z"}, {"advisory": "RHSA-2013:0233", "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5.2.0", "product_name": "Red Hat JBoss Web Platform 5.2", "release_date": "2013-02-04T00:00:00Z"}], "bugzilla": {"description": "JBoss: allows empty password to authenticate against LDAP", "id": "885569", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=885569"}, "csaw": false, "cvss": {"cvss_base_score": "7.5", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-20->CWE-305", "details": ["The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password."], "name": "CVE-2012-5629", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:5", "fix_state": "Affected", "package_name": "jbosssx", "product_name": "Red Hat JBoss BRMS 5"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:6", "fix_state": "Affected", "package_name": "picketbox", "product_name": "Red Hat JBoss Data Grid 6"}, {"cpe": "cpe:/a:redhat:jboss_operations_network:3.1", "fix_state": "Not affected", "package_name": "jbosssx", "product_name": "Red Hat JBoss Operations Network 3.1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:4", "fix_state": "Affected", "package_name": "jbosssx", "product_name": "Red Hat JBoss Portal 4"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:5", "fix_state": "Affected", "package_name": "jbosssx", "product_name": "Red Hat JBoss Portal 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:4.2", "fix_state": "Affected", "package_name": "jbosssx", "product_name": "Red Hat JBoss SOA Platform 4.2"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:4.3", "fix_state": "Affected", "package_name": "jbosssx", "product_name": "Red Hat JBoss SOA Platform 4.3"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:5", "fix_state": "Affected", "package_name": "jbosssx", "product_name": "Red Hat JBoss SOA Platform 5"}], "public_date": "2013-02-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-5629\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-5629"], "threat_severity": "Important"}