Information disclosure in Apache Derby

CVE-2005-4849

Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attack…

Vulnerability class: Information Disclosure

EPSS: 0.025 (82.5th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2005-4849?
CVE-2005-4849 is a vulnerability in Apache Derby, classified under Information Disclosure. Published 2005-12-31.
Is CVE-2005-4849 known to be exploited?
1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.