CVE-2012-2377

The JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0 is enabled without authentication when started by the JGroups channel, which allows remote attackers on adjacent networks to read diagnostics information via a crafted IP multicast.
References
Link Resource
http://rhn.redhat.com/errata/RHSA-2012-1028.html Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-1125.html Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-1232.html Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0191.html
http://rhn.redhat.com/errata/RHSA-2013-0192.html
http://rhn.redhat.com/errata/RHSA-2013-0193.html
http://rhn.redhat.com/errata/RHSA-2013-0194.html
http://rhn.redhat.com/errata/RHSA-2013-0195.html
http://rhn.redhat.com/errata/RHSA-2013-0196.html
http://rhn.redhat.com/errata/RHSA-2013-0197.html
http://rhn.redhat.com/errata/RHSA-2013-0198.html
http://secunia.com/advisories/49669 Vendor Advisory
http://secunia.com/advisories/50084 Vendor Advisory
http://secunia.com/advisories/50549 Vendor Advisory
http://secunia.com/advisories/51984
http://www.osvdb.org/83085
http://www.securityfocus.com/bid/54183
https://bugzilla.redhat.com/show_bug.cgi?id=823392
https://exchange.xforce.ibmcloud.com/vulnerabilities/76540
Configurations

Configuration 1

OR cpe:2.3:a:redhat:jboss_enterprise_portal_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp07:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.0:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:a:redhat:jboss_enterprise_soa_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp01:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp02:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp03:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp04:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp05:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:tp02:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp01:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp02:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp03:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp04:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp05:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.1.1:*:*:*:*:*:*:*

Configuration 3

cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:38

Type Values Removed Values Added
References () http://rhn.redhat.com/errata/RHSA-2012-1028.html - Vendor Advisory () http://rhn.redhat.com/errata/RHSA-2012-1028.html - Vendor Advisory
References () http://rhn.redhat.com/errata/RHSA-2012-1125.html - Vendor Advisory () http://rhn.redhat.com/errata/RHSA-2012-1125.html - Vendor Advisory
References () http://rhn.redhat.com/errata/RHSA-2012-1232.html - Vendor Advisory () http://rhn.redhat.com/errata/RHSA-2012-1232.html - Vendor Advisory
References () http://rhn.redhat.com/errata/RHSA-2013-0191.html - () http://rhn.redhat.com/errata/RHSA-2013-0191.html -
References () http://rhn.redhat.com/errata/RHSA-2013-0192.html - () http://rhn.redhat.com/errata/RHSA-2013-0192.html -
References () http://rhn.redhat.com/errata/RHSA-2013-0193.html - () http://rhn.redhat.com/errata/RHSA-2013-0193.html -
References () http://rhn.redhat.com/errata/RHSA-2013-0194.html - () http://rhn.redhat.com/errata/RHSA-2013-0194.html -
References () http://rhn.redhat.com/errata/RHSA-2013-0195.html - () http://rhn.redhat.com/errata/RHSA-2013-0195.html -
References () http://rhn.redhat.com/errata/RHSA-2013-0196.html - () http://rhn.redhat.com/errata/RHSA-2013-0196.html -
References () http://rhn.redhat.com/errata/RHSA-2013-0197.html - () http://rhn.redhat.com/errata/RHSA-2013-0197.html -
References () http://rhn.redhat.com/errata/RHSA-2013-0198.html - () http://rhn.redhat.com/errata/RHSA-2013-0198.html -
References () http://secunia.com/advisories/49669 - Vendor Advisory () http://secunia.com/advisories/49669 - Vendor Advisory
References () http://secunia.com/advisories/50084 - Vendor Advisory () http://secunia.com/advisories/50084 - Vendor Advisory
References () http://secunia.com/advisories/50549 - Vendor Advisory () http://secunia.com/advisories/50549 - Vendor Advisory
References () http://secunia.com/advisories/51984 - () http://secunia.com/advisories/51984 -
References () http://www.osvdb.org/83085 - () http://www.osvdb.org/83085 -
References () http://www.securityfocus.com/bid/54183 - () http://www.securityfocus.com/bid/54183 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=823392 - () https://bugzilla.redhat.com/show_bug.cgi?id=823392 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/76540 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/76540 -

Information

Published : 2012-11-23 20:55

Updated : 2024-11-21 01:38


NVD link : CVE-2012-2377

Mitre link : CVE-2012-2377

CVE.ORG link : CVE-2012-2377

Products Affected

redhat

  • jboss_enterprise_brms_platform
  • jboss_enterprise_portal_platform
  • jboss_enterprise_soa_platform
CWE
CWE-287

Improper Authentication