CVE-2013-2102
Red Hat JBoss Enterprise Portal Platform < 6.0.0 - Sensitive Information Exposure via JGroups
Title source: llmDescription
The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the service.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1437.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=963984
Scores
EPSS
0.0098
EPSS Percentile
57.9%
Details
CWE
CWE-287
Status
published
Products (9)
redhat/jboss_enterprise_portal_platform
4.3.0
redhat/jboss_enterprise_portal_platform
5.0.0
redhat/jboss_enterprise_portal_platform
5.0.1
redhat/jboss_enterprise_portal_platform
5.1.0
redhat/jboss_enterprise_portal_platform
5.1.1
redhat/jboss_enterprise_portal_platform
5.2.0
redhat/jboss_enterprise_portal_platform
5.2.1
redhat/jboss_enterprise_portal_platform
5.2.2
redhat/jboss_enterprise_portal_platform
< 6.0.0
Published
Oct 28, 2013
Tracked Since
Feb 18, 2026