CVE-2016-2141

Published: Jun 30, 2016Modified: May 6, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

Affected (4)

Products: Redhat: Jgroups, Jboss Enterprise Application Platform

Redhat

2 products

Jgroups

Jboss Enterprise Application Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Jgroups	Before 4.0

Configuration B

3 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Redhat Jboss Enterprise Application Platform	Version 5.2
Redhat Jboss Enterprise Application Platform	Version 6.4
Redhat Jboss Enterprise Application Platform	Version 7.0

Running on/with	Platform Versions
Redhat Enterprise Linux	Version 5.0
Redhat Enterprise Linux	Version 6.0
Redhat Enterprise Linux	Version 7.0

References (50)

http://rhn.redhat.com/errata/RHSA-2016-1435.html

Source: secalert@redhat.com

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2016-1439.html

Source: secalert@redhat.com

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2016-2035.html

Source: secalert@redhat.com

Vendor Advisory

http://www.securityfocus.com/bid/91481

Source: secalert@redhat.com

VDB Entry

http://www.securitytracker.com/id/1036165

Source: secalert@redhat.com

Broken LinkThird Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2016:1345

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1346

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1347

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1374

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1376

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1389

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1432

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1433

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1434

Source: secalert@redhat.com

Vendor Advisory

https://issues.jboss.org/browse/JGRP-2021

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://lists.apache.org/thread.html/ra18cac97416abc2958db0b107877c31da28d884fa6e70fd89c87384a%40%3Cdev.geode.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rb37cc937d4fc026fb56de4b4ec0d054aa4083c1a4edd0d8360c068a0%40%3Cdev.geode.apache.org%3E

Source: secalert@redhat.com

https://rhn.redhat.com/errata/RHSA-2016-1328.html

Source: secalert@redhat.com

Vendor Advisory

https://rhn.redhat.com/errata/RHSA-2016-1329.html

Source: secalert@redhat.com

Broken LinkVendor Advisory

https://rhn.redhat.com/errata/RHSA-2016-1330.html

Source: secalert@redhat.com

Vendor Advisory

https://rhn.redhat.com/errata/RHSA-2016-1331.html

Source: secalert@redhat.com

Broken LinkVendor Advisory

https://rhn.redhat.com/errata/RHSA-2016-1332.html

Source: secalert@redhat.com

Vendor Advisory

https://rhn.redhat.com/errata/RHSA-2016-1333.html

Source: secalert@redhat.com

Broken LinkVendor Advisory

https://rhn.redhat.com/errata/RHSA-2016-1334.html

Source: secalert@redhat.com

Vendor Advisory

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Source: secalert@redhat.com

PatchThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-1435.html