Red Hat Bugzilla – Bug 963984
CVE-2013-2102 GateIn: JGroups configurations enable diagnostics without authentication
Last modified: 2015-02-15 16:52:06 EST
When a JGroups channel is started, the JGroups diagnostics service will be enabled by default with no authentication. This service is exposed via IP multicast. An attacker on an adjacent network can exploit this flaw only to read diagnostics information (information disclosure).
This issue was discovered by Red Hat.
This issue has been addressed in the following products:
Red Hat JBoss Portal 6.1.0
Via RHSA-2013:1437 https://rhn.redhat.com/errata/RHSA-2013-1437.html
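An added example, not part of the original bug report or of Red Hat's fix: a Python check that reads a JGroups stack XML file and reports whether its transport leaves the diagnostics service enabled without authentication. It assumes the JGroups transport attributes `enable_diagnostics` and `diagnostics_passcode` (the latter only in JGroups releases that support it); the sample stack and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# JGroups transport protocols; the diagnostics attributes live on the transport.
TRANSPORTS = {"UDP", "TCP", "TCP_NIO", "TCP_NIO2", "TUNNEL", "SHARED_LOOPBACK"}
# JGroups configs often use ${system.property:default} placeholders.
PLACEHOLDER = re.compile(r"^\$\{([^:}]+)(?::([^}]*))?\}$")

# Constructed sample stack, not taken from GateIn or any shipped product.
SAMPLE_CONFIG = """
<config xmlns="urn:org:jgroups">
  <UDP mcast_port="45588"/>
  <PING/>
  <pbcast.NAKACK2/>
</config>
"""

def resolve(value, fallback):
    """Return the attribute value, using a placeholder's default if present."""
    if value is None:
        return fallback
    value = value.strip()
    match = PLACEHOLDER.match(value)
    if match:
        return match.group(2) if match.group(2) is not None else fallback
    return value

def audit_jgroups_config(xml_text):
    """Return [(transport, status)] for each transport element found."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        name = elem.tag.rsplit("}", 1)[-1]  # drop the XML namespace, if any
        if name not in TRANSPORTS:
            continue
        # An absent attribute means the default applies: diagnostics enabled.
        enabled = resolve(elem.get("enable_diagnostics"), "true").lower()
        passcode = resolve(elem.get("diagnostics_passcode"), "")
        # Conservative: only an explicit "false" counts as disabled.
        if enabled == "false":
            status = "disabled"
        elif passcode:
            status = "enabled-with-passcode"
        else:
            status = "enabled-unauthenticated"
        findings.append((name, status))
    return findings

if __name__ == "__main__":
    for transport, status in audit_jgroups_config(SAMPLE_CONFIG):
        print(f"{transport}: diagnostics {status}")
```

A placeholder is judged by its default value only, so a system property set at start-up can still override what this check reports.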