Red Hat Customer Portal

CVE-2013-2102

The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the service.

Details Source

Mitre

Public Date

2013-10-16 00:00:00

Impact

Low

Bugzilla

CVE-2013-2102 Gatein: JGroups configurations enable diagnostics without authentication

Bugzilla ID

963984

CVSS Status

verified

Base Score

3.30

Base Metrics

AV:A/AC:L/Au:N/C:P/I:N/A:N

Acknowledgements

This issue was discovered by Red Hat.

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat JBoss Portal Platform 6.1 | RHSA-2013:1437 | 2013-10-16

Affected Packages State

Platform | Package | State
Red Hat JBoss Portal 5 | Requirements | Will not fix