CVE-2005-4849

medium

Apache

CVSS v3 Base Score

5.0

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS Score

2.6%

Exploitation probability in 30 days

Top 14% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Confidentiality

Integrity

None

Availability

None

Published: December 31, 2005 (7439 days ago)

Last Modified: April 16, 2026

Vendor: Apache

Source: NVD

Description

Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.

CWE

CWE-200

Affected Products

apache derby

References

🔗 db.apache.org 🔗 issues.apache.org 🔗 issues.apache.org 🔗 db.apache.org 🔗 issues.apache.org

CVE-2005-4849

Vulnerability Report

Description

CWE

Affected Products

References