CVE-2016-2141 — Improper Input Validation in Redhat Jgroups

CWE-20 — Improper Input Validation8 documents7 sources

Severity

9.8CRITICALNVD

EPSS

2.4%

top 15.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jgroups Redhat Jboss Enterprise Application Platform

Timeline

PublishedJun 30

Latest updateMay 13

Description

It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDredhat/jgroups< 4.0

▶NVDredhat/jboss_enterprise_application_platform5.2, 6.4, 7.0+2

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

OSV

Improper Input Validation in JGroups↗2022-05-13

▶

GHSA

Improper Input Validation in JGroups↗2022-05-13

▶

OSV

CVE-2016-2141: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster↗2016-06-30

▶

CVEList

CVE-2016-2141: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster↗2016-06-30

▶

📋Vendor Advisories

Red Hat

JGroups: Authorization bypass↗2016-06-23

▶

Debian

CVE-2016-2141: libjgroups-java - It was found that JGroups did not require necessary headers for encrypt and auth...↗2016

▶

💬Community

Bugzilla

CVE-2016-2141 JGroups: Authorization bypass↗2016-03-02

▶