CVE-2012-2377 Information
Description
The JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0 is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast.
Reference
http://rhn.redhat.com/errata/RHSA-2012-1028.html
http://rhn.redhat.com/errata/RHSA-2012-1125.html
http://rhn.redhat.com/errata/RHSA-2012-1232.html
http://rhn.redhat.com/errata/RHSA-2013-0191.html
http://rhn.redhat.com/errata/RHSA-2013-0192.html
http://rhn.redhat.com/errata/RHSA-2013-0193.html
http://rhn.redhat.com/errata/RHSA-2013-0194.html
http://rhn.redhat.com/errata/RHSA-2013-0195.html
http://rhn.redhat.com/errata/RHSA-2013-0196.html
http://rhn.redhat.com/errata/RHSA-2013-0197.html
http://rhn.redhat.com/errata/RHSA-2013-0198.html
http://secunia.com/advisories/49669
http://secunia.com/advisories/50084
http://secunia.com/advisories/50549
http://secunia.com/advisories/51984
http://www.osvdb.org/83085
http://www.securityfocus.com/bid/54183
https://bugzilla.redhat.com/show_bug.cgi?id=823392
https://exchange.xforce.ibmcloud.com/vulnerabilities/76540