What is the severity of CVE-2013-3734?

CVE-2013-3734 is considered a high severity vulnerability due to the exposure of sensitive information.

How do I fix CVE-2013-3734?

To fix CVE-2013-3734, you should upgrade to a version of JBoss Application Server that no longer includes cleartext passwords in HTML responses.

What types of attacks can exploit CVE-2013-3734?

CVE-2013-3734 can be exploited by man-in-the-middle attackers who intercept unencrypted traffic and obtain sensitive information.

Which versions of JBoss Application Server are affected by CVE-2013-3734?

CVE-2013-3734 affects all versions of JBoss Application Server up to and including 1.2.

What kind of sensitive information is exposed in CVE-2013-3734?

CVE-2013-3734 exposes the datasource password in cleartext, which can lead to unauthorized access.

Vulnerability/
CVE-2013-3734

medium

6.6

CWE

255

7/6/2013

24/10/2017

6/8/2024

CVE-2013-3734

First published: Fri Jun 07 2013(Updated: )

** DISPUTED ** The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive information by leveraging failure to use SSL or (2) attackers to obtain sensitive information by reading the HTML source code. NOTE: the vendor says that this does not cross a trust boundary and that it is recommended best-practice that SSL is configured for the administrative console.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Red Hat JBoss Application Server	<=1.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-3734?
CVE-2013-3734 is considered a high severity vulnerability due to the exposure of sensitive information.
How do I fix CVE-2013-3734?
To fix CVE-2013-3734, you should upgrade to a version of JBoss Application Server that no longer includes cleartext passwords in HTML responses.
What types of attacks can exploit CVE-2013-3734?
CVE-2013-3734 can be exploited by man-in-the-middle attackers who intercept unencrypted traffic and obtain sensitive information.
Which versions of JBoss Application Server are affected by CVE-2013-3734?
CVE-2013-3734 affects all versions of JBoss Application Server up to and including 1.2.
What kind of sensitive information is exposed in CVE-2013-3734?
CVE-2013-3734 exposes the datasource password in cleartext, which can lead to unauthorized access.

agent/type
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2013-3734
agent/severity
agent/weakness
agent/references
agent/author
agent/status
agent/description
agent/first-publish-date
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/event
agent/last-modified-date
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
vendor/redhat
canonical/red hat jboss application server
version/red hat jboss application server/1.2
status/disputed

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.