Vulnerability Description
The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jgroups | Jgroup | 3.0.0 |
| Redhat | Jboss Enterprise Application Platform | 6.1.0 |
References
- http://rhn.redhat.com/errata/RHSA-2013-1207.html
- http://rhn.redhat.com/errata/RHSA-2013-1208.html
- http://rhn.redhat.com/errata/RHSA-2013-1209.html
- http://rhn.redhat.com/errata/RHSA-2013-1437.html
- http://rhn.redhat.com/errata/RHSA-2013-1771.html
- http://rhn.redhat.com/errata/RHSA-2014-0029.html
- https://bugzilla.redhat.com/show_bug.cgi?id=983489
FAQ
What is CVE-2013-4112?
CVE-2013-4112 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by...
How severe is CVE-2013-4112?
CVE-2013-4112 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-4112?
Check the references section above for vendor advisories and patch information. Affected products include: Jgroups Jgroup, Redhat Jboss Enterprise Application Platform.