Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
History
21 Nov 2024, 00:05
Type | Values Removed | Values Added |
---|---|---|
References | http://db.apache.org/derby/releases/release-10.1.2.1.html - Patch | |
References | http://issues.apache.org/jira/browse/DERBY-530 | |
References | http://issues.apache.org/jira/browse/DERBY-559 | |
Information
Published : 2005-12-31 05:00
Updated : 2024-11-21 00:05
NVD link : CVE-2005-4849
Mitre link : CVE-2005-4849
CVE.ORG link : CVE-2005-4849
Products Affected
apache
- derby
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor