CVE-2005-4849

Currently unrated

Key Information:

Vendor: Apache
Status: Derby
Vendor: CVE Published:; 31 December 2005

Summary

Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.

References

http://issues.apache.org/jira/browse/DERBY-559

x_refsource_CONFIRM

http://issues.apache.org/jira/browse/DERBY-530

x_refsource_CONFIRM

http://db.apache.org/derby/releases/release-10.1.2.1.html

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 31, 2005