CVE-2012-2377
First published: Mon May 21 2012(Updated: )
JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Jboss Enterprise Portal Platform | <=5.2.1 | |
| Redhat Jboss Enterprise Portal Platform | =4.3.0 | |
| Redhat Jboss Enterprise Portal Platform | =4.3.0-cp07 | |
| Redhat Jboss Enterprise Portal Platform | =5.0.0 | |
| Redhat Jboss Enterprise Portal Platform | =5.0.1 | |
| Redhat Jboss Enterprise Portal Platform | =5.1.0 | |
| Redhat Jboss Enterprise Portal Platform | =5.1.1 | |
| Redhat Jboss Enterprise Portal Platform | =5.2.0 | |
| Redhat Jboss Enterprise Soa Platform | <=5.2.0 | |
| Redhat Jboss Enterprise Soa Platform | =4.2.0 | |
| Redhat Jboss Enterprise Soa Platform | =4.2.0-cp01 | |
| Redhat Jboss Enterprise Soa Platform | =4.2.0-cp02 | |
| Redhat Jboss Enterprise Soa Platform | =4.2.0-cp03 | |
| Redhat Jboss Enterprise Soa Platform | =4.2.0-cp04 | |
| Redhat Jboss Enterprise Soa Platform | =4.2.0-cp05 | |
| Redhat Jboss Enterprise Soa Platform | =4.2.0-tp02 | |
| Redhat Jboss Enterprise Soa Platform | =4.3.0 | |
| Redhat Jboss Enterprise Soa Platform | =4.3.0-cp01 | |
| Redhat Jboss Enterprise Soa Platform | =4.3.0-cp02 | |
| Redhat Jboss Enterprise Soa Platform | =4.3.0-cp03 | |
| Redhat Jboss Enterprise Soa Platform | =4.3.0-cp04 | |
| Redhat Jboss Enterprise Soa Platform | =4.3.0-cp05 | |
| Redhat Jboss Enterprise Soa Platform | =5.0.0 | |
| Redhat Jboss Enterprise Soa Platform | =5.0.1 | |
| Redhat Jboss Enterprise Soa Platform | =5.0.2 | |
| Redhat Jboss Enterprise Soa Platform | =5.1.0 | |
| Redhat Jboss Enterprise Soa Platform | =5.1.1 | |
| Redhat Jboss Enterprise Brms Platform | <=5.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2012-1028.html
- http://rhn.redhat.com/errata/RHSA-2012-1125.html
- http://rhn.redhat.com/errata/RHSA-2012-1232.html
- http://rhn.redhat.com/errata/RHSA-2013-0191.html
- http://rhn.redhat.com/errata/RHSA-2013-0192.html
- http://rhn.redhat.com/errata/RHSA-2013-0193.html
- http://rhn.redhat.com/errata/RHSA-2013-0194.html
- http://rhn.redhat.com/errata/RHSA-2013-0195.html
- http://rhn.redhat.com/errata/RHSA-2013-0196.html
- http://rhn.redhat.com/errata/RHSA-2013-0197.html
- http://rhn.redhat.com/errata/RHSA-2013-0198.html
- http://secunia.com/advisories/49669
- http://secunia.com/advisories/50084
- http://secunia.com/advisories/50549
- http://secunia.com/advisories/51984
- http://www.osvdb.org/83085
- http://www.securityfocus.com/bid/54183
- https://bugzilla.redhat.com/show_bug.cgi?id=823392
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76540
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/references
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-2377
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/event
- vendor/redhat
- canonical/redhat jboss enterprise portal platform
- version/redhat jboss enterprise portal platform/5.2.1
- version/redhat jboss enterprise portal platform/4.3.0
- version/redhat jboss enterprise portal platform/4.3.0-cp07
- version/redhat jboss enterprise portal platform/5.0.0
- version/redhat jboss enterprise portal platform/5.0.1
- version/redhat jboss enterprise portal platform/5.1.0
- version/redhat jboss enterprise portal platform/5.1.1
- version/redhat jboss enterprise portal platform/5.2.0
- canonical/redhat jboss enterprise soa platform
- version/redhat jboss enterprise soa platform/5.2.0
- version/redhat jboss enterprise soa platform/4.2.0
- version/redhat jboss enterprise soa platform/4.2.0-cp01
- version/redhat jboss enterprise soa platform/4.2.0-cp02
- version/redhat jboss enterprise soa platform/4.2.0-cp03
- version/redhat jboss enterprise soa platform/4.2.0-cp04
- version/redhat jboss enterprise soa platform/4.2.0-cp05
- version/redhat jboss enterprise soa platform/4.2.0-tp02
- version/redhat jboss enterprise soa platform/4.3.0
- version/redhat jboss enterprise soa platform/4.3.0-cp01
- version/redhat jboss enterprise soa platform/4.3.0-cp02
- version/redhat jboss enterprise soa platform/4.3.0-cp03
- version/redhat jboss enterprise soa platform/4.3.0-cp04
- version/redhat jboss enterprise soa platform/4.3.0-cp05
- version/redhat jboss enterprise soa platform/5.0.0
- version/redhat jboss enterprise soa platform/5.0.1
- version/redhat jboss enterprise soa platform/5.0.2
- version/redhat jboss enterprise soa platform/5.1.0
- version/redhat jboss enterprise soa platform/5.1.1
- canonical/redhat jboss enterprise brms platform
- version/redhat jboss enterprise brms platform/5.2.0