CVE-2013-3734

Name of the Vulnerable Software and Affected Versions: JBoss Application Server (affected versions not specified)

Description: The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses. This might allow man-in-the-middle attackers to obtain sensitive information by leveraging failure to use SSL or attackers to obtain sensitive information by reading the HTML source code. The vendor notes that this does not cross a trust boundary and recommends configuring SSL for the administrative console as best practice.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.