CVE-2012-1100
Last modified
CVE-2012-1100 is a vulnerability of currently unknown severity. Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to log in to LDAP-based accounts via an arbitrary password in a login request. EPSS estimates a 1.24% chance of exploitation in the next 30 days.
Description
Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to log in to LDAP-based accounts via an arbitrary password in a login request.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | JBoss Operations Network | <= 2.4.1 |
| Red Hat | JBoss Operations Network | 2.0.0 |
| Red Hat | JBoss Operations Network | 2.0.1 |
| Red Hat | JBoss Operations Network | 2.1.0 |
| Red Hat | JBoss Operations Network | 2.2 |
| Red Hat | JBoss Operations Network | 2.3 |
| Red Hat | JBoss Operations Network | 2.3.1 |
| Red Hat | JBoss Operations Network | 2.4 |
| Red Hat | JBoss Operations Network | 3.0 |
References
- http://rhn.redhat.com/errata/RHSA-2012-0396.html (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2012-0406.html (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
