It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
History
07 Nov 2023, 02:30
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2016-06-30 16:59
Updated : 2024-02-28 15:21
NVD link : CVE-2016-2141
Mitre link : CVE-2016-2141
CVE.ORG link : CVE-2016-2141
JSON object : View
Products Affected
redhat
- enterprise_linux
- jboss_enterprise_application_platform
- jgroups
CWE