| Vulnerability Name: | CVE-2012-1100 (CCN-74186) |
| Assigned: | 2012-03-20 |
| Published: | 2012-03-20 |
| Updated: | 2014-02-14 |
| Summary: | Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login to LDAP-based accounts via an arbitrary password in a login request. |
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) |
| CVSS v2 Severity: | 5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N); 4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C); 3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C) |
| Vulnerability Type: | CWE-287 |
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE, Type: CNA, CVE-2012-1100; Source: REDHAT, Type: Vendor Advisory, RHSA-2012:0396; Source: REDHAT, Type: Vendor Advisory, RHSA-2012:0406; Source: CCN, Type: SA48487, Red Hat update for JBoss Operations Network; Source: CCN, Type: JBoss Web site, JBoss; Source: CCN, Type: OSVDB ID: 80204, JBoss Operations Network LDAP Invalid Bind Credential Handling Authentication Bypass; Source: CCN, Type: Red Hat Bugzilla Bug 799789, CVE-2012-1100 JON: LDAP authentication allows any user access if bind credentials are bad; Source: CONFIRM, Type: UNKNOWN, https://bugzilla.redhat.com/show_bug.cgi?id=799789; Source: XF, Type: UNKNOWN, jon-directory-sec-bypass(74186) |
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable |