CVE-2013-4112

The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.

Published: Sep 28, 2013
Updated: May 9, 2024
CVE: CVE-2013-4112
GHSA: GHSA-cc62-496p-hrr7
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.4
AV:A/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
jgroups / jgroup	3.0.7	3.0.7.x
jgroups / jgroup	3.2.0	3.2.0.x
jgroups / jgroup	3.0.12	3.0.12.x
jgroups / jgroup	3.2.1	3.2.1.x
jgroups / jgroup	3.0.14	3.0.14.x
jgroups / jgroup	3.0.1	3.0.1.x
jgroups / jgroup	3.0.5	3.0.5.x
jgroups / jgroup	3.0.6	3.0.6.x
jgroups / jgroup	3.2.8	3.2.8.x
jgroups / jgroup	3.0.4	3.0.4.x
jgroups / jgroup	3.0.9	3.0.9.x
jgroups / jgroup	3.2.7	3.2.7.x
jgroups / jgroup	3.2.2	3.2.2.x
jgroups / jgroup	3.3.2	3.3.2.x
jgroups / jgroup	3.0.3	3.0.3.x
jgroups / jgroup	3.3.0	3.3.0.x
jgroups / jgroup	3.0.8	3.0.8.x
jgroups / jgroup	3.0.10	3.0.10.x
jgroups / jgroup	3.3.1	3.3.1.x
jgroups / jgroup	3.2.3	3.2.3.x
jgroups / jgroup	3.2.5	3.2.5.x
jgroups / jgroup	3.2.6	3.2.6.x
jgroups / jgroup	3.0.2	3.0.2.x
jgroups / jgroup	3.1.0	3.1.0.x
jgroups / jgroup	3.0.13	3.0.13.x
jgroups / jgroup	3.2.4	3.2.4.x
jgroups / jgroup	3.0.0	3.0.0.x
jgroups / jgroup	3.0.11	3.0.11.x
redhat / jboss_enterprise_application_platform	6.1.0	6.1.0.x
org.jgroups / jgroups	3.0.0	3.2.9.Final
org.jgroups / jgroups	3.3.0	3.3.3.Final

Vulnerability Database

289,599

CVE-2013-4112