Published: 28/10/2013 Updated: 30/10/2013

CVSS v2 Base Score: 3.3 | Impact Score: 2.9 | Exploitability Score: 6.5

VMScore: 294

Vector: AV:A/AC:L/Au:N/C:P/I:N/A:N

Subscribe to Jboss Enterprise Portal Platform

The default configuration of Red Hat JBoss Portal prior to 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote malicious users to obtain sensitive information (diagnostics) by accessing the service.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat jboss enterprise portal platform
redhat jboss enterprise portal platform 5.2.2
redhat jboss enterprise portal platform 5.2.1
redhat jboss enterprise portal platform 5.0.0
redhat jboss enterprise portal platform 4.3.0
redhat jboss enterprise portal platform 5.1.1
redhat jboss enterprise portal platform 5.0.1
redhat jboss enterprise portal platform 5.2.0
redhat jboss enterprise portal platform 5.1.0

The default configuration of Red Hat JBoss Portal before 610 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the service ...

CWE-287 http://rhn.redhat.com/errata/RHSA-2013-1437.html https://bugzilla.redhat.com/show_bug.cgi?id=963984 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2013-2102

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-2102

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect