PT-2013-3542 · Red Hat · Red Hat JBoss Portal

Published

2013-10-28

·

Updated

2013-10-30

·

CVE-2013-2102

CVSS v2.0

3.3

Low

Vector: AV:A/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Red Hat JBoss Portal versions prior to 6.1.0

Description

The default configuration of Red Hat JBoss Portal enables the JGroups diagnostics service with no authentication when a JGroups channel is started. This allows remote attackers to obtain sensitive information by accessing the service.

Recommendations

For versions prior to 6.1.0, update to version 6.1.0 or later to resolve the issue. As a temporary workaround, consider disabling the JGroups diagnostics service until a patch is available. Restrict access to the JGroups channel to minimize the risk of exploitation.
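
One way to check the workaround described above, as an added example that is not code from Red Hat or from this advisory: the script audits a JGroups protocol-stack XML document and reports every transport that leaves the diagnostics service on. It assumes the native JGroups stack format, the `enable_diagnostics` transport attribute and the transport names listed in the code; the two sample stacks are constructed, and where a given JBoss Portal installation keeps its stack definition is not stated here.

```python
import xml.etree.ElementTree as ET

# Transport protocols assumed to carry the enable_diagnostics attribute.
TRANSPORTS = {"UDP", "TCP", "TCP_NIO", "TUNNEL"}

# Constructed sample stacks, not taken from any JBoss Portal distribution.
WEAK_STACK = """<config xmlns="urn:org:jgroups">
  <UDP mcast_port="45588"/>
  <PING/>
</config>"""

HARDENED_STACK = """<config xmlns="urn:org:jgroups">
  <UDP mcast_port="45588" enable_diagnostics="false"/>
  <PING/>
</config>"""


def local_name(tag):
    """Strip the XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]


def audit_stack(xml_text):
    """Return (transport, reason) pairs for transports with diagnostics left on."""
    findings = []
    for element in ET.fromstring(xml_text).iter():
        name = local_name(element.tag)
        if name not in TRANSPORTS:
            continue
        value = element.attrib.get("enable_diagnostics")
        if value is None:
            # Absent attribute: the default applies, which the advisory
            # describes as diagnostics enabled without authentication.
            findings.append((name, "enable_diagnostics not set"))
        elif value.strip().lower() != "false":
            # Covers "true" and unresolved placeholders that need manual review.
            findings.append((name, "enable_diagnostics=" + value))
    return findings


if __name__ == "__main__":
    for label, stack in (("weak", WEAK_STACK), ("hardened", HARDENED_STACK)):
        print(label, audit_stack(stack) or "no findings")
```

A clean result only covers the configuration file that was checked; the network restriction recommended above still applies to the channel itself.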

Fix

Improper Authentication

Weakness Enumeration

Related identifiers

CVE-2013-2102

Affected products

Red Hat JBoss Portal