Description
The DiagnosticsHandler in JGroups 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2013-1208.html
http://rhn.redhat.com/errata/RHSA-2013-1209.html
https://bugzilla.redhat.com/show_bug.cgi?id=983489
http://rhn.redhat.com/errata/RHSA-2013-1207.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://rhn.redhat.com/errata/RHSA-2013-1771.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html