PT-2013-3542 · Red Hat · Red Hat Jboss Portal

Published

2013-10-28

Updated

2013-10-30

CVE-2013-2102

CVSS v2.0

3.3

Low

Vector

AV:A/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Red Hat JBoss Portal versions prior to 6.1.0

Description The default configuration of Red Hat JBoss Portal enables the JGroups diagnostics service with no authentication when a JGroups channel is started. This allows remote attackers to obtain sensitive information by accessing the service.

Recommendations For versions prior to 6.1.0, update to version 6.1.0 or later to resolve the issue. As a temporary workaround, consider disabling the JGroups diagnostics service until a patch is available. Restrict access to the JGroups channel to minimize the risk of exploitation.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2013-2102

Affected Products

Red Hat Jboss Portal

PT-2013-3542 · Red Hat · Red Hat Jboss Portal

CVE-2013-2102

Weakness Enumeration

Related Identifiers

Affected Products

References · 3