REDHAT-BUG-823392
First published: Mon May 21 2012(Updated: )
When a JGroups channel is started, the JGroups diagnostics service will be enabled by default with no authentication. This service is exposed via IP multicast. On JBoss Enterprise Application Platform 6, an attacker on an adjacent network can exploit this flaw to read diagnostics information and invoke JMX operations on the server (limited remote code execution). On other affected JBoss products, an attacker on an adjacent network can exploit this flaw only to read diagnostics information (information disclosure).
| Affected Software | Affected Version | How to fix |
|---|---|---|
| JBoss Enterprise Application Platform | ||
| JBoss |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://issues.jboss.org/browse/JBPAPP-9053
- https://issues.jboss.org/browse/JBPAPP-9118
- https://rhn.redhat.com/errata/RHSA-2012-1028.html
- https://rhn.redhat.com/errata/RHSA-2012-1125.html
- https://rhn.redhat.com/errata/RHSA-2012-1232.html
- https://rhn.redhat.com/errata/RHSA-2013-0194.html
- https://rhn.redhat.com/errata/RHSA-2013-0192.html
- https://rhn.redhat.com/errata/RHSA-2013-0191.html
- https://rhn.redhat.com/errata/RHSA-2013-0195.html
- https://rhn.redhat.com/errata/RHSA-2013-0193.html
- https://rhn.redhat.com/errata/RHSA-2013-0197.html
- https://rhn.redhat.com/errata/RHSA-2013-0196.html
- https://rhn.redhat.com/errata/RHSA-2013-0198.html
- https://bugzilla.redhat.com/show_bug.cgi?id=823392
Frequently Asked Questions
What is the severity of REDHAT-BUG-823392?
The severity of REDHAT-BUG-823392 is considered high due to the potential for unauthorized access to sensitive diagnostics information.
How do I fix REDHAT-BUG-823392?
To fix REDHAT-BUG-823392, disable the JGroups diagnostics service or configure it to require authentication.
What systems are affected by REDHAT-BUG-823392?
REDHAT-BUG-823392 affects JBoss Enterprise Application Platform 6 and other JBoss products using JGroups.
Can the REDHAT-BUG-823392 vulnerability be exploited remotely?
Yes, an attacker on an adjacent network can exploit REDHAT-BUG-823392 to access JGroups diagnostics information.
What are the risks of not addressing REDHAT-BUG-823392?
If REDHAT-BUG-823392 is not addressed, it can lead to information disclosure and potential network-level attacks.
- agent/references
- agent/first-publish-date
- agent/last-modified-date
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-2377
- agent/severity
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/jboss
- canonical/jboss enterprise application platform
- canonical/jboss