Information disclosure in Apache Derby
CVE-2005-4849
Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attack…
Vulnerability class: Information Disclosure
EPSS: 0.025 (82.5th percentile) — read the EPSS interpretation.
Affected products
- Apache Derby
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (x_refsource_CONFIRM, Patch)
Frequently asked questions
- What is CVE-2005-4849?
- CVE-2005-4849 is a vulnerability in Apache Derby, classified under Information Disclosure. Published 2005-12-31.
- Is CVE-2005-4849 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.