Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2012-2377
HistoryNov 23, 2012 - 8:55 p.m.

CVE-2012-2377

2012-11-2320:55:00
CWE-287
[email protected]
web.nvd.nist.gov
26
cve-2012-2377
jboss
enterprise portal platform
soa platform
brms platform
jgroups
authentication
remote attackers
ip multicast
nvd

5.4 Medium

AI Score

Confidence

High

3.3 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

74.6%

JSON

JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast.

CPENameOperatorVersion
redhat:jboss_enterprise_portal_platformredhat jboss enterprise portal platformeq5.0.0
redhat:jboss_enterprise_portal_platformredhat jboss enterprise portal platformeq5.1.1
redhat:jboss_enterprise_portal_platformredhat jboss enterprise portal platformeq5.1.0
redhat:jboss_enterprise_portal_platformredhat jboss enterprise portal platformeq4.3.0
redhat:jboss_enterprise_portal_platformredhat jboss enterprise portal platformle5.2.1
redhat:jboss_enterprise_portal_platformredhat jboss enterprise portal platformeq5.2.0
redhat:jboss_enterprise_portal_platformredhat jboss enterprise portal platformeq5.0.1
redhat:jboss_enterprise_soa_platformredhat jboss enterprise soa platformeq4.3.0
redhat:jboss_enterprise_soa_platformredhat jboss enterprise soa platformeq4.2.0
redhat:jboss_enterprise_soa_platformredhat jboss enterprise soa platformeq5.0.2
Rows per page:
1-10 of 161

Related

prion 1
ubuntucve 1
seebug 1
redhat 6
veracode 8
nessus 6
prion
prion
Design/Logic Flaw
2012-11-23 20:55:00
ubuntucve
ubuntucve
CVE-2012-2377
2012-11-23 00:00:00
seebug
seebug
JBoss Enterprise BRMS Platform JGroups Diagnostics ServiceδΏ‘ζ―ζ³„ιœ²ζΌζ΄ž
2012-08-03 00:00:00
redhat
redhat
(RHSA-2013:0198) Important: JBoss Enterprise Web Platform 5.2.0 update
2013-01-24 00:00:00
(RHSA-2013:0196) Important: JBoss Enterprise Web Platform 5.2.0 update
2013-01-24 00:00:00
(RHSA-2013:0194) Important: JBoss Enterprise Application Platform 5.2.0 update
2013-01-24 00:00:00
veracode
veracode
Privilege Escalation
2019-05-02 04:46:48
Privilege Escalation
2019-05-02 04:46:55
Weak Authentication
2019-05-02 04:46:21
nessus
nessus
RHEL 4 : JBoss EWP (RHSA-2013:0197)
2014-11-08 00:00:00
RHEL 6 : JBoss EAP (RHSA-2013:0191)
2013-01-24 00:00:00
RHEL 5 : JBoss EAP (RHSA-2013:0192)
2013-01-24 00:00:00

5.4 Medium

AI Score

Confidence

High

3.3 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

74.6%

JSON
Related for CVE-2012-2377
prion1ubuntucve1seebug1redhat6veracode8nessus6