CVE-2012-2377

critical

Description

JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/76540

https://bugzilla.redhat.com/show_bug.cgi?id=823392

http://www.securityfocus.com/bid/54183

http://www.osvdb.org/83085

http://secunia.com/advisories/51984

http://secunia.com/advisories/50549

http://secunia.com/advisories/50084

http://secunia.com/advisories/49669

http://rhn.redhat.com/errata/RHSA-2013-0198.html

http://rhn.redhat.com/errata/RHSA-2013-0197.html

http://rhn.redhat.com/errata/RHSA-2013-0196.html

http://rhn.redhat.com/errata/RHSA-2013-0195.html

http://rhn.redhat.com/errata/RHSA-2013-0194.html

http://rhn.redhat.com/errata/RHSA-2013-0193.html

http://rhn.redhat.com/errata/RHSA-2013-0192.html

http://rhn.redhat.com/errata/RHSA-2013-0191.html

http://rhn.redhat.com/errata/RHSA-2012-1232.html

http://rhn.redhat.com/errata/RHSA-2012-1125.html

http://rhn.redhat.com/errata/RHSA-2012-1028.html

Details

Source: Mitre, NVD

Published: 2012-11-23

Updated: 2017-08-29

Risk Information

CVSS v2

Base Score: 3.3

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical