Description
The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2013-1207.html
http://rhn.redhat.com/errata/RHSA-2013-1208.html
http://rhn.redhat.com/errata/RHSA-2013-1209.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://rhn.redhat.com/errata/RHSA-2013-1771.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html
https://bugzilla.redhat.com/show_bug.cgi?id=983489
Related Vulnerabilities
CVE-2021-25122 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2022-29567 Vulnerability in maven package com.vaadin:vaadin
CVE-2018-1334 Vulnerability in maven package org.apache.spark:spark-core_2.10
CVE-2023-22580 Vulnerability in npm package @sequelize/core
CVE-2011-2204 Vulnerability in maven package org.apache.tomcat:tomcat-catalina