CVE-2013-4112

JGroups 3.0.0-3.2.8 & 3.3.0-3.3.2 - Sensitive Info Exposure & RCE via DiagnosticsHandler

Title source: llm
STIX 2.1

Description

The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.

References (7)

Core 7
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0029.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1209.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1437.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1207.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1208.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1771.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=983489

Scores

EPSS 0.0161
EPSS Percentile 73.0%

Details

CWE
CWE-200
Status published
Products (30)
jgroups/jgroup 3.0.0
jgroups/jgroup 3.0.1
jgroups/jgroup 3.0.2
jgroups/jgroup 3.0.3
jgroups/jgroup 3.0.4
jgroups/jgroup 3.0.5
jgroups/jgroup 3.0.6
jgroups/jgroup 3.0.7
jgroups/jgroup 3.0.8
jgroups/jgroup 3.0.9
... and 20 more
Published Sep 28, 2013
Tracked Since Feb 18, 2026