Description
The DiagnosticsHandler in JGroups 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2013-1207.html
http://rhn.redhat.com/errata/RHSA-2013-1208.html
http://rhn.redhat.com/errata/RHSA-2013-1209.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://rhn.redhat.com/errata/RHSA-2013-1771.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html
https://bugzilla.redhat.com/show_bug.cgi?id=983489
Related Vulnerabilities
CVE-2020-17527 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2019-10243 Vulnerability in maven package org.eclipse.kura:target-platform
CVE-2017-16076 Vulnerability in npm package proxy.js
CVE-2015-1776 Vulnerability in maven package org.apache.hadoop:hadoop-mapreduce-client-core
CVE-2014-3662 Vulnerability in maven package org.jenkins-ci.main:jenkins-core