Description
The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2013-1207.html
http://rhn.redhat.com/errata/RHSA-2013-1208.html
http://rhn.redhat.com/errata/RHSA-2013-1209.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://rhn.redhat.com/errata/RHSA-2013-1771.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html
https://bugzilla.redhat.com/show_bug.cgi?id=983489
Related Vulnerabilities
CVE-2021-30638 Vulnerability in maven package org.apache.tapestry:tapestry-core
CVE-2017-15700 Vulnerability in maven package org.apache.sling:org.apache.sling.auth.core
CVE-2011-3375 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2018-14730 Vulnerability in npm package browserify-hmr
CVE-2017-15713 Vulnerability in maven package org.apache.hadoop:hadoop-common