CVE-2016-2141
moderate-risk
Published 2016-06-30
It was found that JGroups did not require the necessary headers for the ENCRYPT and AUTH protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions and to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
Do I need to act?
1.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 9.8/10 · Critical · NETWORK / LOW complexity
Affected Products (4)
Affected Vendors
References (50)
Vendor Advisory: http://rhn.redhat.com/errata/RHSA-2016-1435.html
Vendor Advisory: http://rhn.redhat.com/errata/RHSA-2016-1439.html
Vendor Advisory: http://rhn.redhat.com/errata/RHSA-2016-2035.html
VDB Entry: http://www.securityfocus.com/bid/91481
Broken Link: http://www.securitytracker.com/id/1036165
Vendor Advisory: https://access.redhat.com/errata/RHSA-2016:1345
Vendor Advisory: https://access.redhat.com/errata/RHSA-2016:1346
Vendor Advisory: https://access.redhat.com/errata/RHSA-2016:1347
Vendor Advisory: https://access.redhat.com/errata/RHSA-2016:1374
Vendor Advisory: https://access.redhat.com/errata/RHSA-2016:1376
Vendor Advisory: https://access.redhat.com/errata/RHSA-2016:1389
Vendor Advisory: https://access.redhat.com/errata/RHSA-2016:1432
Vendor Advisory: https://access.redhat.com/errata/RHSA-2016:1433
Vendor Advisory: https://access.redhat.com/errata/RHSA-2016:1434
Issue Tracking: https://issues.jboss.org/browse/JGRP-2021
Vendor Advisory: https://rhn.redhat.com/errata/RHSA-2016-1328.html
Vendor Advisory: https://rhn.redhat.com/errata/RHSA-2016-1330.html
and 30 more references
46 / 100 · moderate-risk
Severity: 32/34 · Critical
Exploitability: 4/34 · Minimal
Exposure: 10/34 · Low