Get a Demo

CVE

CVE-2016-2141

Improper Input Validation in JGroups

CVE

CVE-2016-2141

Improper Input Validation in JGroups

JGroups before 4.0 does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors. Fixes for this issue have been backported to versions 3.6.10.Final and 3.2.16.Final.

Package Versions Affected

org.apache.activemq:artemis-jdbc-store

org.apache.activemq:artemis-jms-server

org.apache.activemq:artemis-jms-client

org.apache.activemq:artemis-jms-client

org.apache.activemq:artemis-server

org.apache.activemq:artemis-service-extensions

org.apache.activemq:artemis-server

org.apache.activemq:artemis-jms-server

org.apache.activemq:artemis-service-extensions

org.apache.activemq:artemis-core-client

org.apache.activemq:artemis-core-client

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

C

H

U

-

C

H

U

-

Endor Labs

C

H

U

-

Related Resources

No items found.

References

Severity

9.8

CVSS Score

0

10

Basic Information

Ecosystem

Base CVSS

9.8

EPSS Probability

0.00885%

EPSS Percentile

0.74474%

Introduced Version

3.3.0.Alpha1

Fix Available

3.6.10.Final

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading