CVE Vulnerabilities

CVE-2013-2102

Improper Authentication

Published: Oct 28, 2013 | Modified: Oct 30, 2013
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
3.3 LOW
AV:A/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
3.3 LOW
AV:A/AC:L/Au:N/C:P/I:N/A:N
RedHat/V3
Ubuntu

The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the service.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Jboss_enterprise_portal_platform Redhat * 6.0.0 (including)
Jboss_enterprise_portal_platform Redhat 4.3.0 (including) 4.3.0 (including)
Jboss_enterprise_portal_platform Redhat 5.0.0 (including) 5.0.0 (including)
Jboss_enterprise_portal_platform Redhat 5.0.1 (including) 5.0.1 (including)
Jboss_enterprise_portal_platform Redhat 5.1.0 (including) 5.1.0 (including)
Jboss_enterprise_portal_platform Redhat 5.1.1 (including) 5.1.1 (including)
Jboss_enterprise_portal_platform Redhat 5.2.0 (including) 5.2.0 (including)
Jboss_enterprise_portal_platform Redhat 5.2.1 (including) 5.2.1 (including)
Jboss_enterprise_portal_platform Redhat 5.2.2 (including) 5.2.2 (including)
Red Hat JBoss Portal Platform 6.1 RedHat *

Potential Mitigations

References