Red Hat update for Red Hat JBoss Enterprise Application Platform 6.4
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2016-2141 |
| CWE-ID | CWE-592 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
JBoss Enterprise Application Platform Server applications / Application servers |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Authentication bypass
EUVDB-ID: #VU29
Risk: High
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-2141
CWE-ID:
CWE-592 - Authentication Bypass Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security controls on the target system.
The vulnerability exists due to improper authentication in JGroups of new nodes joining the cluster. A remote attacker can obtain potentially sensitive information by bypassing security controls on the target system, sending and receiving messages within the cluster.
Successful exploitation of this vulnerability may result in disclosure of system information,
Install updates from vendor's website.
JBoss Enterprise Application Platform: 6.4.0
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2016:1330
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
