Description
The DiagnosticsHandler in JGroups 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2013-1208.html
http://rhn.redhat.com/errata/RHSA-2013-1209.html
https://bugzilla.redhat.com/show_bug.cgi?id=983489
http://rhn.redhat.com/errata/RHSA-2013-1207.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://rhn.redhat.com/errata/RHSA-2013-1771.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html