Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 3.3
CVE Id CVE-2012-2377
Last Modified 06 Feb 2013 11:55:13
Published 23 Nov 2012 03:55:02
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector ADJACENT_NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-2377

Summary

The JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0 is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast.

Vulnerable Systems

Application

  • Red Hat JBoss Enterprise BRMS Platform 5.2.0
  • Red Hat JBoss Enterprise Portal Platform 4.3.0
  • Red Hat JBoss Enterprise Portal Platform 5.0.0
  • Red Hat JBoss Enterprise Portal Platform 5.0.1
  • Red Hat JBoss Enterprise Portal Platform 5.1.0
  • Red Hat JBoss Enterprise Portal Platform 5.1.1
  • Red Hat JBoss Enterprise Portal Platform 5.2.0
  • Red Hat JBoss Enterprise Portal Platform 5.2.1
  • Red Hat JBoss Enterprise SOA Platform 4.2.0
  • Red Hat JBoss Enterprise SOA Platform 4.3.0
  • Red Hat JBoss Enterprise SOA Platform 5.0.0
  • Red Hat JBoss Enterprise SOA Platform 5.0.1
  • Red Hat JBoss Enterprise SOA Platform 5.0.2
  • Red Hat JBoss Enterprise SOA Platform 5.1.0
  • Red Hat JBoss Enterprise SOA Platform 5.1.1
  • Red Hat JBoss Enterprise SOA Platform 5.2.0


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=823392

XF - jboss-jgroups-info-disc(76540)

BID - 54183

OSVDB - 83085

SECUNIA - 50549

SECUNIA - 50084

SECUNIA - 49669

REDHAT - RHSA-2012:1232

REDHAT - RHSA-2012:1125

REDHAT - RHSA-2012:1028

SECUNIA - 51984

REDHAT - RHSA-2013:0198

REDHAT - RHSA-2013:0197

REDHAT - RHSA-2013:0196

REDHAT - RHSA-2013:0195

REDHAT - RHSA-2013:0194

REDHAT - RHSA-2013:0193

REDHAT - RHSA-2013:0192

REDHAT - RHSA-2013:0191


Last Updated: 27 May 2016 10:57:37