CVE-2016-2141

Опубликовано: 23 июн. 2016

Источник: redhat

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

Меры по смягчению последствий

Please refer to https://access.redhat.com/articles/2360521 for more information.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat AMQ Broker 7	JGroups	Not affected
Red Hat BPM Suite 6	Clustering	Affected
Red Hat Enterprise Virtualization 3	distribution	Not affected
Red Hat Fuse 7	camel	Not affected
Red Hat JBoss BRMS 6	Clustering	Affected
Red Hat JBoss Fuse 6	camel	Affected
Red Hat Single Sign-On 7	Clustering	Affected
JBoss Enterprise BRMS Platform 5.3	Clustering	Fixed	RHSA-2016:1345	27.06.2016
Red Hat JBoss BRMS 6.3	Clustering	Fixed	RHSA-2016:1345	27.06.2016
Red Hat JBoss BRMS 6.3	Clustering	Fixed	RHSA-2016:1347	27.06.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Critical

https://bugzilla.redhat.com/show_bug.cgi?id=1313589JGroups: Authorization bypass

EPSS

Процентиль: 85%

0.02357

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Связанные уязвимости

CVE-2016-2141

CVSS3: 9.8

ubuntu

больше 9 лет назад

CVE-2016-2141

CVSS3: 9.8

nvd

больше 9 лет назад

CVE-2016-2141

CVSS3: 9.8

debian

больше 9 лет назад

It was found that JGroups did not require necessary headers for encryp ...

GHSA-rc7h-x6cq-988q

CVSS3: 9.8

github

больше 3 лет назад

Improper Input Validation in JGroups

EPSS

Процентиль: 85%

0.02357

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2