The remote Redhat Enterprise Linux 5 / 6 / 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2016:1330 advisory.

    Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss     Application Server 7.

    This asynchronous patch is a security update for JGroups package in Red Hat JBoss Enterprise Application     Platform 6.4 More information about this vulnerability is available at:
    https://access.redhat.com/articles/2360521

    Security Fix(es):

    * It was found that JGroups did not require necessary headers for encrypt and auth protocols from new     nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this     vulnerability to send and receive messages within the cluster, leading to information disclosure, message     spoofing, or further possible attacks. (CVE-2016-2141)

    The CVE-2016-2141 issue was discovered by Dennis Reed (Red Hat).

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 5 / 6 / 7 : Red Hat JBoss Enterprise Application Platform 6.4 (RHSA-2016:1330)

critical Nessus Plugin ID 91852

Version 2.12