CVE-2013-4112
Vulnerability from cvelistv5
Published
2013-09-28 19:00
Modified
2024-08-06 16:30
Severity ?
Summary
The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:30:50.063Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2014:0029",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0029.html"
          },
          {
            "name": "RHSA-2013:1209",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1209.html"
          },
          {
            "name": "RHSA-2013:1437",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html"
          },
          {
            "name": "RHSA-2013:1207",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1207.html"
          },
          {
            "name": "RHSA-2013:1208",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1208.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=983489"
          },
          {
            "name": "RHSA-2013:1771",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1771.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-07-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-03-05T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2014:0029",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0029.html"
        },
        {
          "name": "RHSA-2013:1209",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1209.html"
        },
        {
          "name": "RHSA-2013:1437",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html"
        },
        {
          "name": "RHSA-2013:1207",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1207.html"
        },
        {
          "name": "RHSA-2013:1208",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1208.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=983489"
        },
        {
          "name": "RHSA-2013:1771",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1771.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4112",
    "datePublished": "2013-09-28T19:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:30:50.063Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-4112\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2013-09-28T19:55:03.023\",\"lastModified\":\"2024-11-21T01:54:54.373\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.\"},{\"lang\":\"es\",\"value\":\"El DiagnosticsHandler en JGroup 3.0.x, 3.1.x, 3.2.x anterior a 3.2.9 , y 3.3.x anterior a 3.3.3 permite a atacantes remotos obtener informaci\u00f3n sensible (informaci\u00f3n de disgn\u00f3sticos) y ejecutar codigo arbitrario reutilizando credenciales v\u00e1lidas\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":5.4,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":5.5,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jgroups:jgroup:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A7D1BD4-D8FC-4273-A6A0-366DD79A496E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jgroups:jgroup:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD46895D-FB26-435D-9B16-25C7209E11F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jgroups:jgroup:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A395606C-DE3F-4D8F-AA16-E03EEDF9A69E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jgroups:jgroup:3.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB65DEBB-D02E-46A3-9FFB-50BEF684A5B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jgroups:jgroup:3.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFBCC57D-C150-417A-9006-8B8ED59660F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jgroups:jgroup:3.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EE5363F-B0B6-4C5A-ADEA-6BED9975E64C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jgroups:jgroup:3.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25CE7711-D775-441A-9516-CE8C179098AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jgroups:jgroup:3.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1943F94B-60BA-4F43-BEB9-1871FD6081F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jgroups:jgroup:3.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85934810-4C70-4F67-8BA7-0611DA0CC4F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jgroups:jgroup:3.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D505E367-1B72-4724-941E-9ACF84F049C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jgroups:jgroup:3.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96152ED5-15A3-4FE8-8867-E513CF553D05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jgroups:jgroup:3.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BB6D401-1C9A-4D06-83AA-F412FF104072\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jgroups:jgroup:3.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2933A08-8D13-4D2B-8563-F1E20FD68848\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jgroups:jgroup:3.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5575367-3397-4857-9E86-F520F77F5068\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jgroups:jgroup:3.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07E2D48A-656D-4F35-9403-DB480B335EB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jgroups:jgroup:3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7211DD9-7F95-4C8C-A71B-953C55F0B437\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jgroups:jgroup:3.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AB08F5C-FE77-4D8C-BCEB-B83661CB0F77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jgroups:jgroup:3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4142AF1A-31B6-4CF6-AD7B-F2C2C77F6681\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jgroups:jgroup:3.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6D25A05-8428-45F7-B096-DB7B3A07865C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jgroups:jgroup:3.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"864A006F-91E2-4189-8018-B5F8DE263F7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jgroups:jgroup:3.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"632145D7-37FE-424C-A113-0D67E973DB9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jgroups:jgroup:3.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82EC7A2C-B127-4B09-AEFF-F5673D485F84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jgroups:jgroup:3.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"151E6F95-3712-4F3B-B7A9-D19C5D3597FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jgroups:jgroup:3.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88D727F0-8BE3-4564-B7B8-5D45FF58F5B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jgroups:jgroup:3.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEB7FE54-502C-42DE-B57C-182A536E531C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jgroups:jgroup:3.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"085BAF20-AEC9-48F7-A8AA-582F20D509F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jgroups:jgroup:3.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA970A5F-54B3-4DE9-88F6-78EE81BA9EEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jgroups:jgroup:3.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBC6B18C-29E4-4A28-886E-6D1B3C2A746C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF680478-162A-4F7B-B9BA-C407FA3C0EEE\"}]}]}],\"references\":[{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1207.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1208.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1209.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1437.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1771.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0029.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=983489\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1207.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1208.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1209.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1437.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1771.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0029.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=983489\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}