All the vulnerabilites related to jgroups - jgroup
Vulnerability from fkie_nvd
Published
2013-09-28 19:55
Modified
2024-11-21 01:54
Severity ?
Summary
The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| jgroups | jgroup | 3.0.0 | |
| jgroups | jgroup | 3.0.1 | |
| jgroups | jgroup | 3.0.2 | |
| jgroups | jgroup | 3.0.3 | |
| jgroups | jgroup | 3.0.4 | |
| jgroups | jgroup | 3.0.5 | |
| jgroups | jgroup | 3.0.6 | |
| jgroups | jgroup | 3.0.7 | |
| jgroups | jgroup | 3.0.8 | |
| jgroups | jgroup | 3.0.9 | |
| jgroups | jgroup | 3.0.10 | |
| jgroups | jgroup | 3.0.11 | |
| jgroups | jgroup | 3.0.12 | |
| jgroups | jgroup | 3.0.13 | |
| jgroups | jgroup | 3.0.14 | |
| jgroups | jgroup | 3.1.0 | |
| jgroups | jgroup | 3.2.0 | |
| jgroups | jgroup | 3.2.1 | |
| jgroups | jgroup | 3.2.2 | |
| jgroups | jgroup | 3.2.3 | |
| jgroups | jgroup | 3.2.4 | |
| jgroups | jgroup | 3.2.5 | |
| jgroups | jgroup | 3.2.6 | |
| jgroups | jgroup | 3.2.7 | |
| jgroups | jgroup | 3.2.8 | |
| jgroups | jgroup | 3.3.0 | |
| jgroups | jgroup | 3.3.1 | |
| jgroups | jgroup | 3.3.2 | |
| redhat | jboss_enterprise_application_platform | 6.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jgroups:jgroup:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A7D1BD4-D8FC-4273-A6A0-366DD79A496E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jgroups:jgroup:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD46895D-FB26-435D-9B16-25C7209E11F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jgroups:jgroup:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A395606C-DE3F-4D8F-AA16-E03EEDF9A69E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jgroups:jgroup:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FB65DEBB-D02E-46A3-9FFB-50BEF684A5B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jgroups:jgroup:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AFBCC57D-C150-417A-9006-8B8ED59660F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jgroups:jgroup:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9EE5363F-B0B6-4C5A-ADEA-6BED9975E64C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jgroups:jgroup:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "25CE7711-D775-441A-9516-CE8C179098AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jgroups:jgroup:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1943F94B-60BA-4F43-BEB9-1871FD6081F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jgroups:jgroup:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "85934810-4C70-4F67-8BA7-0611DA0CC4F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jgroups:jgroup:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D505E367-1B72-4724-941E-9ACF84F049C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jgroups:jgroup:3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "96152ED5-15A3-4FE8-8867-E513CF553D05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jgroups:jgroup:3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0BB6D401-1C9A-4D06-83AA-F412FF104072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jgroups:jgroup:3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C2933A08-8D13-4D2B-8563-F1E20FD68848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jgroups:jgroup:3.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F5575367-3397-4857-9E86-F520F77F5068",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jgroups:jgroup:3.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "07E2D48A-656D-4F35-9403-DB480B335EB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jgroups:jgroup:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7211DD9-7F95-4C8C-A71B-953C55F0B437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jgroups:jgroup:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9AB08F5C-FE77-4D8C-BCEB-B83661CB0F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jgroups:jgroup:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4142AF1A-31B6-4CF6-AD7B-F2C2C77F6681",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jgroups:jgroup:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6D25A05-8428-45F7-B096-DB7B3A07865C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jgroups:jgroup:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "864A006F-91E2-4189-8018-B5F8DE263F7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jgroups:jgroup:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "632145D7-37FE-424C-A113-0D67E973DB9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jgroups:jgroup:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "82EC7A2C-B127-4B09-AEFF-F5673D485F84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jgroups:jgroup:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "151E6F95-3712-4F3B-B7A9-D19C5D3597FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jgroups:jgroup:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "88D727F0-8BE3-4564-B7B8-5D45FF58F5B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jgroups:jgroup:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB7FE54-502C-42DE-B57C-182A536E531C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jgroups:jgroup:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "085BAF20-AEC9-48F7-A8AA-582F20D509F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jgroups:jgroup:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA970A5F-54B3-4DE9-88F6-78EE81BA9EEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jgroups:jgroup:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC6B18C-29E4-4A28-886E-6D1B3C2A746C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AF680478-162A-4F7B-B9BA-C407FA3C0EEE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials."
},
{
"lang": "es",
"value": "El DiagnosticsHandler en JGroup 3.0.x, 3.1.x, 3.2.x anterior a 3.2.9 , y 3.3.x anterior a 3.3.3 permite a atacantes remotos obtener informaci\u00f3n sensible (informaci\u00f3n de disgn\u00f3sticos) y ejecutar codigo arbitrario reutilizando credenciales v\u00e1lidas"
}
],
"id": "CVE-2013-4112",
"lastModified": "2024-11-21T01:54:54.373",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-09-28T19:55:03.023",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1207.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1208.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1209.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1771.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0029.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=983489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1207.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1208.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1209.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1771.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=983489"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2013-4112
Vulnerability from cvelistv5
Published
2013-09-28 19:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2014-0029.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2013-1209.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2013-1437.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2013-1207.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2013-1208.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=983489 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2013-1771.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:50.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2014:0029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0029.html"
},
{
"name": "RHSA-2013:1209",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1209.html"
},
{
"name": "RHSA-2013:1437",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html"
},
{
"name": "RHSA-2013:1207",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1207.html"
},
{
"name": "RHSA-2013:1208",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1208.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=983489"
},
{
"name": "RHSA-2013:1771",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1771.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-05T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2014:0029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0029.html"
},
{
"name": "RHSA-2013:1209",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1209.html"
},
{
"name": "RHSA-2013:1437",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html"
},
{
"name": "RHSA-2013:1207",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1207.html"
},
{
"name": "RHSA-2013:1208",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1208.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=983489"
},
{
"name": "RHSA-2013:1771",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1771.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4112",
"datePublished": "2013-09-28T19:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:30:50.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}