It was found that JGroups did not require the necessary headers for the encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions and to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
History
21 Nov 2024, 02:47
Type | Values Removed | Values Added |
---|---|---|
References | () http://rhn.redhat.com/errata/RHSA-2016-1435.html - Vendor Advisory | |
References | () http://rhn.redhat.com/errata/RHSA-2016-1439.html - Vendor Advisory | |
References | () http://rhn.redhat.com/errata/RHSA-2016-2035.html - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/91481 - VDB Entry | |
References | () http://www.securitytracker.com/id/1036165 - Broken Link, Third Party Advisory, VDB Entry | |
References | () https://access.redhat.com/errata/RHSA-2016:1345 - Vendor Advisory | |
References | () https://access.redhat.com/errata/RHSA-2016:1346 - Vendor Advisory | |
References | () https://access.redhat.com/errata/RHSA-2016:1347 - Vendor Advisory | |
References | () https://access.redhat.com/errata/RHSA-2016:1374 - Vendor Advisory | |
References | () https://access.redhat.com/errata/RHSA-2016:1376 - Vendor Advisory | |
References | () https://access.redhat.com/errata/RHSA-2016:1389 - Vendor Advisory | |
References | () https://access.redhat.com/errata/RHSA-2016:1432 - Vendor Advisory | |
References | () https://access.redhat.com/errata/RHSA-2016:1433 - Vendor Advisory | |
References | () https://access.redhat.com/errata/RHSA-2016:1434 - Vendor Advisory | |
References | () https://issues.jboss.org/browse/JGRP-2021 - Issue Tracking, Vendor Advisory | |
References | () https://lists.apache.org/thread.html/ra18cac97416abc2958db0b107877c31da28d884fa6e70fd89c87384a%40%3Cdev.geode.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/rb37cc937d4fc026fb56de4b4ec0d054aa4083c1a4edd0d8360c068a0%40%3Cdev.geode.apache.org%3E - | |
References | () https://rhn.redhat.com/errata/RHSA-2016-1328.html - Vendor Advisory | |
References | () https://rhn.redhat.com/errata/RHSA-2016-1329.html - Broken Link, Vendor Advisory | |
References | () https://rhn.redhat.com/errata/RHSA-2016-1330.html - Vendor Advisory | |
References | () https://rhn.redhat.com/errata/RHSA-2016-1331.html - Broken Link, Vendor Advisory | |
References | () https://rhn.redhat.com/errata/RHSA-2016-1332.html - Vendor Advisory | |
References | () https://rhn.redhat.com/errata/RHSA-2016-1333.html - Broken Link, Vendor Advisory | |
References | () https://rhn.redhat.com/errata/RHSA-2016-1334.html - Vendor Advisory | |
References | () https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html - Patch, Third Party Advisory |
07 Nov 2023, 02:30
Type | Values Removed | Values Added |
---|---|---|
References |
Information
Published : 2016-06-30 16:59
Updated : 2024-11-21 02:47
NVD link : CVE-2016-2141
Mitre link : CVE-2016-2141
CVE.ORG link : CVE-2016-2141
Products Affected
redhat
- jgroups
- enterprise_linux
- jboss_enterprise_application_platform
CWE