CVE-2005-4849

NameCVE-2005-4849
DescriptionApache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
derby (PTS)bookworm, bullseye10.14.2.0-2fixed
forky, sid, trixie10.14.2.0-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
derbysource(unstable)(not affected)

Notes

- derby <not-affected> (Fixed before initial upload to Debian)
http://issues.apache.org/jira/browse/DERBY-530
http://issues.apache.org/jira/browse/DERBY-559
Search for package or bug name: Reporting problems