CVE-2016-2141

Published Jun 30, 2016

Last updated a year ago

Overview

Description: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
Source: secalert@redhat.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:jgroups:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EEEE3873-17F7-4E5D-9C19-1C1BE698A17E",
            "versionEndExcluding": "4.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93F14D0A-4350-4141-B4C4-FBEBAAA4828D"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2E0AFF9-F664-4D46-AEF4-07C725CC5448"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88BF3B2C-B121-483A-AEF2-8082F6DA5310"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Configurations

References