Description
The DiagnosticsHandler in JGroups 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2013-1207.html
http://rhn.redhat.com/errata/RHSA-2013-1208.html
http://rhn.redhat.com/errata/RHSA-2013-1209.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://rhn.redhat.com/errata/RHSA-2013-1771.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html
https://bugzilla.redhat.com/show_bug.cgi?id=983489
Related Vulnerabilities
CVE-2013-2071 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2022-31069 Vulnerability in npm package @ffdc/nestjs-proxy
CVE-2017-16056 Vulnerability in npm package mssql.js
CVE-2016-3727 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2011-3375 Vulnerability in maven package org.apache.tomcat:tomcat-catalina