9.8

CVE-2016-2141

EPSS 1.55%
Veröffentlicht 30.06.2016 16:59:00
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 28

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Jgroups Version < 4.0

Redhat ≫ Jboss Enterprise Application Platform Version5.2

   Redhat ≫ Enterprise Linux Version5.0
   Redhat ≫ Enterprise Linux Version6.0
   Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Jboss Enterprise Application Platform Version6.4

   Redhat ≫ Enterprise Linux Version5.0
   Redhat ≫ Enterprise Linux Version6.0
   Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Jboss Enterprise Application Platform Version7.0

   Redhat ≫ Enterprise Linux Version5.0
   Redhat ≫ Enterprise Linux Version6.0
   Redhat ≫ Enterprise Linux Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.55%	0.808

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Patch

Third Party Advisory

https://access.redhat.com/errata/RHSA-2016:1376

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2016-2035.html

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2016-1435.html

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1432

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1433

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1434

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2016-1439.html

Vendor Advisory

http://www.securityfocus.com/bid/91481

VDB Entry

http://www.securitytracker.com/id/1036165

Third Party Advisory

Broken Link

VDB Entry

https://access.redhat.com/errata/RHSA-2016:1345

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1346

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1347

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1374

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1389

Vendor Advisory

https://issues.jboss.org/browse/JGRP-2021

Vendor Advisory

Issue Tracking

https://lists.apache.org/thread.html/ra18cac97416abc2958db0b107877c31da28d884fa6e70fd89c87384a%40%3Cdev.geode.apache.org%3E

https://lists.apache.org/thread.html/rb37cc937d4fc026fb56de4b4ec0d054aa4083c1a4edd0d8360c068a0%40%3Cdev.geode.apache.org%3E

https://rhn.redhat.com/errata/RHSA-2016-1328.html

Vendor Advisory

https://rhn.redhat.com/errata/RHSA-2016-1329.html

Vendor Advisory

Broken Link

https://rhn.redhat.com/errata/RHSA-2016-1330.html

Vendor Advisory

https://rhn.redhat.com/errata/RHSA-2016-1331.html

Vendor Advisory

Broken Link

https://rhn.redhat.com/errata/RHSA-2016-1332.html

Vendor Advisory

https://rhn.redhat.com/errata/RHSA-2016-1333.html

Vendor Advisory

Broken Link

https://rhn.redhat.com/errata/RHSA-2016-1334.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-2141

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-2141

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-2141

EUVD