The default configuration of Red Hat JBoss Portal prior to 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote malicious users to obtain sensitive information (diagnostics) by accessing the service.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat jboss enterprise portal platform |
||
redhat jboss enterprise portal platform 5.2.2 |
||
redhat jboss enterprise portal platform 5.2.1 |
||
redhat jboss enterprise portal platform 5.0.0 |
||
redhat jboss enterprise portal platform 4.3.0 |
||
redhat jboss enterprise portal platform 5.1.1 |
||
redhat jboss enterprise portal platform 5.0.1 |
||
redhat jboss enterprise portal platform 5.2.0 |
||
redhat jboss enterprise portal platform 5.1.0 |