PT-2016-5024 · Red Hat+1 · Jgroups+1

Dennis Reed · Published 2016-06-30 · Updated 2023-04-26 · CVE-2016-2141

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

JGroups versions prior to 4.0
JGroups versions 3.6.x prior to 3.6.10.Final
JGroups versions 3.2.x prior to 3.2.16.Final

Description

JGroups does not require the ENCRYPT and AUTH protocol headers from new nodes joining the cluster, so a remote attacker can bypass these security restrictions and join the cluster without authentication or encryption. This allows the attacker to send and receive messages within the cluster, potentially leading to information disclosure, message spoofing, or further attacks.

Recommendations

For JGroups versions 3.2.x prior to 3.2.16.Final, update to version 3.2.16.Final or later.
For JGroups versions 3.6.x prior to 3.6.10.Final, update to version 3.6.10.Final or later.
For JGroups versions prior to 4.0, update to version 4.0 or later.

Fix

RCE


Weakness Enumeration

Related identifiers

CVE-2016-2141
GHSA-RC7H-X6CQ-988Q
RHSA-2016:1328
RHSA-2016:1330
RHSA-2016:1332
RHSA-2016:1432
RHSA-2016:1433
RHSA-2016:1434

Affected products

Debian
JGroups