CVE-2016-2141

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-2141
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2141.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-2141
Aliases
Published
2016-06-30T16:59:00Z
Modified
2024-06-30T12:45:19.033684Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

References

Affected packages

Debian:11 / libjgroups-java

Package

Name
libjgroups-java
Purl
pkg:deb/debian/libjgroups-java?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.12.2.Final-5

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / libjgroups-java

Package

Name
libjgroups-java
Purl
pkg:deb/debian/libjgroups-java?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.12.2.Final-5

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / libjgroups-java

Package

Name
libjgroups-java
Purl
pkg:deb/debian/libjgroups-java?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.12.2.Final-5

Ecosystem specific

{
    "urgency": "low"
}