CVE-2012-2377
Published Nov 23, 2012
Last updated 7 years ago
Overview
- Description
- JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast.
- Source
- secalert@redhat.com
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 3.3
- Impact score
- 2.9
- Exploitability score
- 6.5
- Vector string
- AV:A/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-287
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "300258C1-80FD-405D-850E-47A551818C10",
"versionEndIncluding": "5.2.1"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AC50B7E2-35A0-4D2B-8865-69EF15C7B31E"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp07:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C9C9C8B4-693E-4777-BC31-5933147DFC54"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3221242F-802E-418B-BC9D-CFA200D99171"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5472541F-ED83-4656-AE18-1642F571D294"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "97165B18-1078-4215-94DA-0B6C4228056E"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A62117F2-5513-4998-8FDC-64564BBD00EC"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D66D2843-0273-4A3A-A9D1-48BBB15031B7"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB6052BB-26FF-4D58-99B1-B54FA990A741",
"versionEndIncluding": "5.2.0"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CDEABE3E-DC3E-4B98-8433-4308BBEE6F26"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp01:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "70942A41-9089-4313-8B00-5CB92518A349"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp02:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "093F7EA4-B190-49A5-AF55-42D4F960EEFE"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp03:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "75CBF063-6986-4217-BC8E-661B5167AB2A"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp04:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3F6528B6-1147-4366-8F81-8B380903EAA6"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp05:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4EF1898E-1A25-442B-865F-1C27B9E5F0D1"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:tp02:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "92953D9C-8FF0-4499-A4A4-3B05696D326E"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C57B8004-AF15-4F0F-B9FA-A3CFF7BD42DE"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp01:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "66F4FC45-CF67-44E4-96CA-31B537151C7E"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp02:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E7CF5F63-C7A8-4787-9620-F5B76A9F0F3E"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp03:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9BCA6581-3C94-4B1B-B30F-E0B854A68968"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp04:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "23F0650B-C39D-4C7D-8BB9-BBA951BA8AAE"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp05:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "67BD448A-745D-4387-ABC8-A18DF142574D"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DFB8FED0-E0C6-409C-A2D8-B3999265D545"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DFC497FD-503A-463B-A75E-9C4B9B716521"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A8F224EE-A5A1-490B-91A5-0196B4168F32"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2B72D56E-DE3C-4383-906D-F3DCD9D09CC9"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "55661526-BC23-4853-BF6C-E1899D747EC5"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E867ECA4-43A5-4424-B703-437991A1C58A",
"versionEndIncluding": "5.2.0"
}
],
"operator": "OR"
}
]
}
]