CVE-2005-4849

Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:derby:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:05

Type Values Removed Values Added
References () http://db.apache.org/derby/releases/release-10.1.2.1.html - Patch () http://db.apache.org/derby/releases/release-10.1.2.1.html - Patch
References () http://issues.apache.org/jira/browse/DERBY-530 - () http://issues.apache.org/jira/browse/DERBY-530 -
References () http://issues.apache.org/jira/browse/DERBY-559 - () http://issues.apache.org/jira/browse/DERBY-559 -

Information

Published : 2005-12-31 05:00

Updated : 2024-11-21 00:05


NVD link : CVE-2005-4849

Mitre link : CVE-2005-4849

CVE.ORG link : CVE-2005-4849


JSON object : View

Products Affected

apache

  • derby
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor