CVE-2016-2141

It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
References
Link Resource
http://rhn.redhat.com/errata/RHSA-2016-1435.html Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2016-1439.html Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2016-2035.html Vendor Advisory
http://www.securityfocus.com/bid/91481 VDB Entry
http://www.securitytracker.com/id/1036165 Broken Link Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2016:1345 Vendor Advisory
https://access.redhat.com/errata/RHSA-2016:1346 Vendor Advisory
https://access.redhat.com/errata/RHSA-2016:1347 Vendor Advisory
https://access.redhat.com/errata/RHSA-2016:1374 Vendor Advisory
https://access.redhat.com/errata/RHSA-2016:1376 Vendor Advisory
https://access.redhat.com/errata/RHSA-2016:1389 Vendor Advisory
https://access.redhat.com/errata/RHSA-2016:1432 Vendor Advisory
https://access.redhat.com/errata/RHSA-2016:1433 Vendor Advisory
https://access.redhat.com/errata/RHSA-2016:1434 Vendor Advisory
https://issues.jboss.org/browse/JGRP-2021 Issue Tracking Vendor Advisory
https://lists.apache.org/thread.html/ra18cac97416abc2958db0b107877c31da28d884fa6e70fd89c87384a%40%3Cdev.geode.apache.org%3E
https://lists.apache.org/thread.html/rb37cc937d4fc026fb56de4b4ec0d054aa4083c1a4edd0d8360c068a0%40%3Cdev.geode.apache.org%3E
https://rhn.redhat.com/errata/RHSA-2016-1328.html Vendor Advisory
https://rhn.redhat.com/errata/RHSA-2016-1329.html Broken Link Vendor Advisory
https://rhn.redhat.com/errata/RHSA-2016-1330.html Vendor Advisory
https://rhn.redhat.com/errata/RHSA-2016-1331.html Broken Link Vendor Advisory
https://rhn.redhat.com/errata/RHSA-2016-1332.html Vendor Advisory
https://rhn.redhat.com/errata/RHSA-2016-1333.html Broken Link Vendor Advisory
https://rhn.redhat.com/errata/RHSA-2016-1334.html Vendor Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:jgroups:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*
OR cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

History

07 Nov 2023, 02:30

Type Values Removed Values Added
References
  • {'url': 'https://lists.apache.org/thread.html/ra18cac97416abc2958db0b107877c31da28d884fa6e70fd89c87384a@%3Cdev.geode.apache.org%3E', 'name': '[geode-dev] 20200407 JGroups vulnerabilty', 'tags': ['Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/rb37cc937d4fc026fb56de4b4ec0d054aa4083c1a4edd0d8360c068a0@%3Cdev.geode.apache.org%3E', 'name': '[geode-dev] 20200407 Re: JGroups vulnerabilty', 'tags': ['Third Party Advisory'], 'refsource': 'MLIST'}
  • () https://lists.apache.org/thread.html/ra18cac97416abc2958db0b107877c31da28d884fa6e70fd89c87384a%40%3Cdev.geode.apache.org%3E -
  • () https://lists.apache.org/thread.html/rb37cc937d4fc026fb56de4b4ec0d054aa4083c1a4edd0d8360c068a0%40%3Cdev.geode.apache.org%3E -

Information

Published : 2016-06-30 16:59

Updated : 2024-02-28 15:21


NVD link : CVE-2016-2141

Mitre link : CVE-2016-2141

CVE.ORG link : CVE-2016-2141


JSON object : View

Products Affected

redhat

  • enterprise_linux
  • jboss_enterprise_application_platform
  • jgroups