Lucene search

GitHub Advisory DatabaseGHSA-RC7H-X6CQ-988Q

HistoryMay 13, 2022 - 1:03 a.m.

Improper Input Validation in JGroups

2022-05-1301:03:31

CWE-20

GitHub Advisory Database

github.com

0.007 Low

EPSS

Percentile

79.4%

JSON

JGroups before 4.0 does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors. Fixes for this issue have been backported to versions 3.6.10.Final and 3.2.16.Final.

CPENameOperatorVersion
org.jgroups:jgroupslt3.2.16.Final
org.jgroups:jgroupslt3.6.10.Final

CPE	Name	Operator	Version
	org.jgroups:jgroups	lt	3.2.16.Final
	org.jgroups:jgroups	lt	3.6.10.Final

References

rhn.redhat.com/errata/RHSA-2016-1435.html

rhn.redhat.com/errata/RHSA-2016-1439.html

rhn.redhat.com/errata/RHSA-2016-2035.html

access.redhat.com/errata/RHSA-2016:1345

access.redhat.com/errata/RHSA-2016:1346

access.redhat.com/errata/RHSA-2016:1347

access.redhat.com/errata/RHSA-2016:1374

access.redhat.com/errata/RHSA-2016:1376

access.redhat.com/errata/RHSA-2016:1389

access.redhat.com/errata/RHSA-2016:1432

access.redhat.com/errata/RHSA-2016:1433

access.redhat.com/errata/RHSA-2016:1434

github.com/advisories/GHSA-rc7h-x6cq-988q

github.com/belaban/JGroups/commit/eeaf5241cce464ef21a2dfc4938729ade9ebef36

issues.jboss.org/browse/JGRP-2021

issues.redhat.com/browse/JGRP-2055

issues.redhat.com/browse/JGRP-2074

lists.apache.org/thread.html/ra18cac97416abc2958db0b107877c31da28d884fa6e70fd89c87384a@%3Cdev.geode.apache.org%3E

lists.apache.org/thread.html/rb37cc937d4fc026fb56de4b4ec0d054aa4083c1a4edd0d8360c068a0@%3Cdev.geode.apache.org%3E

nvd.nist.gov/vuln/detail/CVE-2016-2141

rhn.redhat.com/errata/RHSA-2016-1328.html

rhn.redhat.com/errata/RHSA-2016-1329.html

rhn.redhat.com/errata/RHSA-2016-1330.html

rhn.redhat.com/errata/RHSA-2016-1331.html

rhn.redhat.com/errata/RHSA-2016-1332.html

rhn.redhat.com/errata/RHSA-2016-1333.html

rhn.redhat.com/errata/RHSA-2016-1334.html

web.archive.org/web/20161013163606/www.securityfocus.com/bid/91481

web.archive.org/web/20201207092245/www.securitytracker.com/id/1036165

www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

0.007 Low

EPSS

Percentile

79.4%

JSON

Related for GHSA-RC7H-X6CQ-988Q