The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2013-4112 from the MITRE CVE dictionary dictionary and NIST NVD.
| Base Score | 3.3 |
|---|---|
| Base Metrics | AV:A/AC:L/Au:N/C:P/I:N/A:N |
| Access Vector | Adjacent Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | None |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server (jgroups) | RHSA-2013:1207 | 2013-09-04 |
| Red Hat JBoss Portal Platform 6.1 | RHSA-2013:1437 | 2013-10-16 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server (jgroups) | RHSA-2013:1208 | 2013-09-04 |
| Platform | Package | State |
|---|---|---|
| Red Hat JBoss Portal Platform 4 | jgroups | Not affected |
| Red Hat JBoss Portal 5 | jgroups | Not affected |
| Red Hat JBoss Operations Network 3.1 | jgroups | Not affected |
| Red Hat JBoss Enterprise SOA Platform 5 | jgroups | Not affected |
| Red Hat JBoss Enterprise SOA Platform 4.3 | jgroups | Not affected |
| Red Hat JBoss EAP 5 | jgroups | Not affected |
| Red Hat JBoss Data Grid 6 | jgroups | Will not fix |
| Red Hat JBoss BRMS 5 | jgroups | Not affected |
Vulmon