PT-2012-3995 · Red Hat · BRMS Platform
David Jorm · Published 2012-11-23 · Updated 2017-08-29 · CVE-2012-2377
CVSS v2.0: 3.3 (Low)
Vector: AV:A/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
JGroups diagnostics service in JBoss Enterprise Portal Platform versions prior to 5.2.2
JGroups diagnostics service in SOA Platform versions prior to 5.3.0
JGroups diagnostics service in BRMS Platform versions prior to 5.3.0
Description
The issue allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast because the JGroups diagnostics service is enabled without authentication when started by the JGroups channel.
Recommendations
For JBoss Enterprise Portal Platform versions prior to 5.2.2, update to version 5.2.2 or later to resolve the issue.
For SOA Platform versions prior to 5.3.0, update to version 5.3.0 or later to resolve the issue.
For BRMS Platform versions prior to 5.3.0, update to version 5.3.0 or later to resolve the issue.
Weakness Enumeration
Improper Authentication
Affected Products
BRMS Platform
JBoss Enterprise Portal Platform
JGroups
SOA Platform