CVE-2016-2141

Severity

75%

Complexity

99%

Confidentiality

106%

JGroups before 4.0 does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors.

CVSS 3.0 Base Score 9.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 8 years ago

2016-06-30 16:59:00

Last updated 5 years ago

2019-04-23 19:29:00

Affected Software

Red Hat JBoss Enterprise Application Platform 7.0

7.0

CVE-2016-2141

Severity

What is severity?

Complexity

What is complexity?

Confidentiality

What is confidentiality?

Overview

First reported 8 years ago

Last updated 5 years ago

Affected Software

Red Hat JBoss Enterprise Application Platform 7.0

References

RHSA-2016:1435

RHSA-2016:1439

RHSA-2016:2035

91481

1036165

RHSA-2016:1345

RHSA-2016:1346

RHSA-2016:1347

RHSA-2016:1374

RHSA-2016:1376

RHSA-2016:1389

RHSA-2016:1432

RHSA-2016:1433

RHSA-2016:1434

https://issues.jboss.org/browse/JGRP-2021

[geode-dev] 20200407 JGroups vulnerabilty

[geode-dev] 20200407 Re: JGroups vulnerabilty

RHSA-2016:1328

RHSA-2016:1329

RHSA-2016:1330

RHSA-2016:1331

RHSA-2016:1332

RHSA-2016:1333

RHSA-2016:1334

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Stay updated

Get in touch