9.8

CVE-2016-2141

EPSS 1.55%
Published 30.06.2016 16:59:00
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

Affected products Warnungen 0 Metrics 3 CWE 0 References 28

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Jgroups Version < 4.0

Redhat ≫ Jboss Enterprise Application Platform Version5.2

   Redhat ≫ Enterprise Linux Version5.0
   Redhat ≫ Enterprise Linux Version6.0
   Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Jboss Enterprise Application Platform Version6.4

   Redhat ≫ Enterprise Linux Version5.0
   Redhat ≫ Enterprise Linux Version6.0
   Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Jboss Enterprise Application Platform Version7.0

   Redhat ≫ Enterprise Linux Version5.0
   Redhat ≫ Enterprise Linux Version6.0
   Redhat ≫ Enterprise Linux Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.55%	0.808

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Patch

Third Party Advisory

https://access.redhat.com/errata/RHSA-2016:1376

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2016-2035.html

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2016-1435.html

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1432

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1433

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1434

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2016-1439.html

Vendor Advisory

http://www.securityfocus.com/bid/91481

VDB Entry

http://www.securitytracker.com/id/1036165

Third Party Advisory

Broken Link

VDB Entry

https://access.redhat.com/errata/RHSA-2016:1345

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1346

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1347

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1374

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1389

Vendor Advisory

https://issues.jboss.org/browse/JGRP-2021

Vendor Advisory

Issue Tracking

https://lists.apache.org/thread.html/ra18cac97416abc2958db0b107877c31da28d884fa6e70fd89c87384a%40%3Cdev.geode.apache.org%3E

https://lists.apache.org/thread.html/rb37cc937d4fc026fb56de4b4ec0d054aa4083c1a4edd0d8360c068a0%40%3Cdev.geode.apache.org%3E

https://rhn.redhat.com/errata/RHSA-2016-1328.html

Vendor Advisory

https://rhn.redhat.com/errata/RHSA-2016-1329.html

Vendor Advisory

Broken Link

https://rhn.redhat.com/errata/RHSA-2016-1330.html

Vendor Advisory

https://rhn.redhat.com/errata/RHSA-2016-1331.html

Vendor Advisory

Broken Link

https://rhn.redhat.com/errata/RHSA-2016-1332.html

Vendor Advisory

https://rhn.redhat.com/errata/RHSA-2016-1333.html

Vendor Advisory

Broken Link

https://rhn.redhat.com/errata/RHSA-2016-1334.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-2141

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-2141

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-2141

EUVD