DEBIAN-CVE-2016-2141

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2016-2141
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2016-2141.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2016-2141
Upstream
Published
2016-06-30T16:59:00.117Z
Modified
2025-11-20T10:12:37.284260Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

References

Affected packages

Debian:11 / libjgroups-java

Package

Name
libjgroups-java
Purl
pkg:deb/debian/libjgroups-java?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.12.2.Final-5
2.12.2.Final-6

Ecosystem specific 

{
    "urgency": "unimportant"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2016-2141.json"

Debian:12 / libjgroups-java

Package

Name
libjgroups-java
Purl
pkg:deb/debian/libjgroups-java?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.12.2.Final-5
2.12.2.Final-6

Ecosystem specific 

{
    "urgency": "unimportant"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2016-2141.json"

Debian:13 / libjgroups-java

Package

Name
libjgroups-java
Purl
pkg:deb/debian/libjgroups-java?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.12.2.Final-6

Ecosystem specific 

{
    "urgency": "unimportant"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2016-2141.json"

Debian:14 / libjgroups-java

Package

Name
libjgroups-java
Purl
pkg:deb/debian/libjgroups-java?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.12.2.Final-6

Ecosystem specific 

{
    "urgency": "unimportant"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2016-2141.json"