CVE-2012-2377
Date: (C)2012-11-25   (M)2023-12-22


The JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0 is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 3.3
Exploit Score: 6.5
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECUNIA-49669
SECUNIA-50084
SECUNIA-50549
SECUNIA-51984
BID-54183
OSVDB-83085
RHSA-2012:1028
RHSA-2012:1125
RHSA-2012:1232
RHSA-2013:0191
RHSA-2013:0192
RHSA-2013:0193
RHSA-2013:0194
RHSA-2013:0195
RHSA-2013:0196
RHSA-2013:0197
RHSA-2013:0198
https://bugzilla.redhat.com/show_bug.cgi?id=823392
jboss-jgroups-info-disc(76540)

CPE    25
cpe:/a:redhat:jboss_enterprise_soa_platform:4.2.0
cpe:/a:redhat:jboss_enterprise_soa_platform:4.3.0
cpe:/a:redhat:jboss_enterprise_portal_platform:4.3.0:cp07
cpe:/a:redhat:jboss_enterprise_soa_platform:4.2.0:cp03
...
CWE    1
CWE-287

© SecPod Technologies