Bug 823392 (CVE-2012-2377)
| Summary: | CVE-2012-2377 JGroups diagnostics service enabled by default with no authentication when a JGroups channel is started | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | David Jorm <djorm> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | aneelica, brms-jira, ccoleman, dereed, dpalmer, epp-bugs, gvarsami, jawilson, jbpapp-maint, jcoleman, mjc, ncross, nwallace, pcheung, rzhang, security-response-team, theute, tkirby, tkramer, zzoubkov |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-01-24 22:36:36 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 824264, 824265, 824266, 825577, 829323, 833426 | ||
| Bug Blocks: | 789173, 823395, 849517 | ||
|
Description
David Jorm
2012-05-21 06:47:18 UTC
EAP 6 bug: https://issues.jboss.org/browse/JBPAPP-9053 EAP/EWP 5 bug: https://issues.jboss.org/browse/JBPAPP-9118 This flaw is resolved in EAP 6.0.0 GA. This issue has been addressed in following products: JBoss Enterprise BRMS Platform 5.3.0 Via RHSA-2012:1028 https://rhn.redhat.com/errata/RHSA-2012-1028.html This issue has been addressed in following products: JBoss Enterprise SOA Platform 5.3.0 Via RHSA-2012:1125 https://rhn.redhat.com/errata/RHSA-2012-1125.html This issue has been addressed in following products: JBoss Enterprise Portal Platform 5.2.2 Via RHSA-2012:1232 https://rhn.redhat.com/errata/RHSA-2012-1232.html Acknowledgements: This issue was discovered by Red Hat. This issue has been addressed in following products: JBoss Enterprise Application Platform 5.2.0 Via RHSA-2013:0194 https://rhn.redhat.com/errata/RHSA-2013-0194.html This issue has been addressed in following products: JBEAP 5 for RHEL 5 Via RHSA-2013:0192 https://rhn.redhat.com/errata/RHSA-2013-0192.html This issue has been addressed in following products: JBEAP 5 for RHEL 6 Via RHSA-2013:0191 https://rhn.redhat.com/errata/RHSA-2013-0191.html This issue has been addressed in following products: JBEWP 5 for RHEL 6 Via RHSA-2013:0195 https://rhn.redhat.com/errata/RHSA-2013-0195.html This issue has been addressed in following products: JBEAP 5 for RHEL 4 Via RHSA-2013:0193 https://rhn.redhat.com/errata/RHSA-2013-0193.html This issue has been addressed in following products: JBEWP 5 for RHEL 4 Via RHSA-2013:0197 https://rhn.redhat.com/errata/RHSA-2013-0197.html This issue has been addressed in following products: JBEWP 5 for RHEL 5 Via RHSA-2013:0196 https://rhn.redhat.com/errata/RHSA-2013-0196.html This issue has been addressed in following products: JBoss Enterprise Web Platform 5.2.0 Via RHSA-2013:0198 https://rhn.redhat.com/errata/RHSA-2013-0198.html |