Vulnerability CVE-2012-2377
Published: 2012-11-23

Description:
JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast.

CVSS2 => (AV:A/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.3/10
2.9/10
6.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Redhat -> Jboss enterprise brms platform 
Redhat -> Jboss enterprise portal platform 
Redhat -> Jboss enterprise soa platform 

 References:
https://bugzilla.redhat.com/show_bug.cgi?id=823392
http://xforce.iss.net/xforce/xfdb/76540
http://www.securityfocus.com/bid/54183
http://www.osvdb.org/83085
http://secunia.com/advisories/51984
http://secunia.com/advisories/50549
http://secunia.com/advisories/50084
http://secunia.com/advisories/49669
http://rhn.redhat.com/errata/RHSA-2013-0198.html
http://rhn.redhat.com/errata/RHSA-2013-0197.html
http://rhn.redhat.com/errata/RHSA-2013-0196.html
http://rhn.redhat.com/errata/RHSA-2013-0195.html
http://rhn.redhat.com/errata/RHSA-2013-0194.html
http://rhn.redhat.com/errata/RHSA-2013-0193.html
http://rhn.redhat.com/errata/RHSA-2013-0192.html
http://rhn.redhat.com/errata/RHSA-2013-0191.html
http://rhn.redhat.com/errata/RHSA-2012-1232.html
http://rhn.redhat.com/errata/RHSA-2012-1125.html
http://rhn.redhat.com/errata/RHSA-2012-1028.html
Copyright 2024, cxsecurity.com

 

Back to Top