Описание
The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the service.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss Portal 5 | Requirements | Will not fix | ||
| Red Hat JBoss Portal 6 | Requirements | Affected | ||
| Red Hat JBoss Portal Platform 6.1 | Fixed | RHSA-2013:1437 | 16.10.2013 |
Показывать по
Дополнительная информация
Статус:
3.3 Low
CVSS2
Связанные уязвимости
The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the service.
The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the service.
3.3 Low
CVSS2