
CVE-2016-2141

Status Candidate

Overview

JGroups before 4.0 does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors.

Related Files

Red Hat Security Advisory 2016-2035-01
Posted Oct 6, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2035-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss Fuse 6.3 is a minor product release that updates Red Hat JBoss Fuse 6.2.1, and includes several bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-3192, CVE-2015-5344, CVE-2015-5348, CVE-2015-7940, CVE-2016-2141, CVE-2016-2510, CVE-2016-4437
SHA-256 | 783d844b4a979957118ea3b2ddd3e8f2ab6d7c6074b85f24619161724330d970

Red Hat Security Advisory 2016-1439-01
Posted Jul 20, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1439-01 - Red Hat Single Sign-On 7.0 is a standalone server, based on the Keycloak project, that provides authentication and standards-based SSO capabilities for web and mobile applications. This asynchronous patch is a security update for JGroups package in Red Hat Single Sign-On 7.0. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, web, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2016-2141
SHA-256 | 317cf16ea3dbb6853842f5156d6f798a461a36ad069b855b978b49ca6e73153c

Red Hat Security Advisory 2016-1435-01
Posted Jul 18, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1435-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.8, and includes bug fixes and enhancements. Documentation for these changes will be available shortly from the Red Hat JBoss Enterprise Application Platform 6.4.9 Release Notes, linked to in the References. Multiple security issues have been addressed.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-5174, CVE-2016-2141
SHA-256 | dec36409f1db8464a059ab01e8ba22bb42c5d3313fb7fb064859dda6b2cd0963

Red Hat Security Advisory 2016-1434-01
Posted Jul 18, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1434-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, java, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2015-5174, CVE-2016-2141
SHA-256 | 9a8e4409727b247a7ebae466821413f642efde07ee3e7723a5c7ce8f773ea250

Red Hat Security Advisory 2016-1433-01
Posted Jul 18, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1433-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, java, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2015-5174, CVE-2016-2141
SHA-256 | 35bd8a4148689c1a27929208cf6843e664a746e2a01785a0dec3a04ff5e0c5f2

Red Hat Security Advisory 2016-1432-01
Posted Jul 18, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1432-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the packages have been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.9. Multiple security issues have been addressed.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2015-5174, CVE-2016-2141
SHA-256 | 6f3886566e926a59135b67d8dd635deae1b47778fd8b00f54cfa44a2c8520776

Red Hat Security Advisory 2016-1389-01
Posted Jul 7, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1389-01 - Red Hat JBoss Fuse Service Works is the next-generation ESB and business process automation infrastructure. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2016-2141
SHA-256 | f05ec9ea3d4dc3e3055033295c344bb9d2dc552b43e24e35e46ae6f202af6589

Red Hat Security Advisory 2016-1376-01
Posted Jun 30, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1376-01 - Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2015-0226, CVE-2015-0254, CVE-2015-3253, CVE-2016-2141, CVE-2016-2510
SHA-256 | bc0ba25e24a6861d8b1b621296d58137fc8a9bd92ad08063291c68432d9bd996

Red Hat Security Advisory 2016-1374-01
Posted Jun 30, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1374-01 - JBoss Portal Platform provides an integrated open source platform for hosting and serving a portal's web interface, aggregating, publishing, and managing its content, and personalizing its experience. This asynchronous patch is a security update for JGroups package in Red Hat JBoss Portal Platform 6.2. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, web, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2016-2141
SHA-256 | 286af024f9c96f19f6b30409bb512c0b84c72342914a566e0e893e47f30c5daf

Red Hat Security Advisory 2016-1345-01
Posted Jun 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1345-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2016-2141
SHA-256 | 2fc622331271f6afa73eb4f7e48d1d066bc6cbbf159a462885b921ad6608bee7

Red Hat Security Advisory 2016-1347-01
Posted Jun 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1347-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2016-2141
SHA-256 | a0fd5df58421128c1a07f21c9a92276cf8767d845c7f9e6fc3c0aecc8f18306d

Red Hat Security Advisory 2016-1346-01
Posted Jun 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1346-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, local, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2016-2141
SHA-256 | 10910d0024b75b8f8033a76719b206b712d0277d444d33e117eb8cfe6f89d1bc

Red Hat Security Advisory 2016-1333-01
Posted Jun 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1333-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on Wildfly. This asynchronous patch is a security update for JGroups package in Red Hat JBoss Enterprise Application Platform 7.0. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, java, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2016-2141
SHA-256 | c09dd3666c7a73222ab648af437feab92c57336cf956ab1e4fce57b7330e47de

Red Hat Security Advisory 2016-1331-01
Posted Jun 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1331-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This asynchronous patch is a security update for JGroups package in Red Hat JBoss Enterprise Application Platform 6.4. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, java, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2016-2141
SHA-256 | 5be0820af696aa2a268452c7cb12e9918cf60b6dbaaa9e3eabe78bcba849c38c

Red Hat Security Advisory 2016-1329-01
Posted Jun 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1329-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. This asynchronous patch is a security update for JGroups package in Red Hat JBoss Enterprise Application Platform 5.2. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, java, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2016-2141
SHA-256 | cbe5a6f3c25be1d44c8a6c37d72e9e00d69f1ebab57ebe7a864da31a0019d894

Red Hat Security Advisory 2016-1332-01
Posted Jun 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1332-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on Wildfly. This asynchronous patch is a security update for JGroups package in Red Hat JBoss Enterprise Application Platform 7.0. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, java, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2016-2141
SHA-256 | 0b70cff2d3ed8610586553763eefcb42254dcb7ea35857a452af437770062313

Red Hat Security Advisory 2016-1330-01
Posted Jun 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1330-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This asynchronous patch is a security update for JGroups package in Red Hat JBoss Enterprise Application Platform 6.4. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, java, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2016-2141
SHA-256 | 20714f9ab297fe4c3aba11ec350c579ba01411bef55c8fc002958030913a6a60

Red Hat Security Advisory 2016-1328-01
Posted Jun 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1328-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. This asynchronous patch is a security update for JGroups package in Red Hat JBoss Enterprise Application Platform 5.2. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, java, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2016-2141
SHA-256 | b321f1b893ea8425ae2c8704d6bb5ac2e38ce33ed0aba504fd5def3d7b6cde15

Red Hat Security Advisory 2016-1334-01
Posted Jun 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1334-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This asynchronous patch is a security update for JGroups package in Red Hat JBoss Data Grid 6.6. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2016-2141
SHA-256 | 2316b5764bfc5bd59d8d306c5d123284da962f5f13f6cd12804ceea6eae3b48f