PT-2012-3995 · Red Hat · BRMS Platform +3

David Jorm · Published 2012-11-23 · Updated 2017-08-29 · CVE-2012-2377

CVSS v2.0: 3.3 (Low)

Vector: AV:A/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

JGroups diagnostics service in JBoss Enterprise Portal Platform versions prior to 5.2.2
JGroups diagnostics service in SOA Platform versions prior to 5.3.0
JGroups diagnostics service in BRMS Platform versions prior to 5.3.0

Description

The issue allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast because the JGroups diagnostics service is enabled without authentication when started by the JGroups channel.

Recommendations

For JBoss Enterprise Portal Platform versions prior to 5.2.2, update to version 5.2.2 or later to resolve the issue.
For SOA Platform versions prior to 5.3.0, update to version 5.3.0 or later to resolve the issue.
For BRMS Platform versions prior to 5.3.0, update to version 5.3.0 or later to resolve the issue.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2012-2377
RHSA-2013:0191
RHSA-2013:0192
RHSA-2013:0193
RHSA-2013:0195
RHSA-2013:0196
RHSA-2013:0197

Affected Products

BRMS Platform
JBoss Enterprise Portal Platform
JGroups
SOA Platform