CVE-2016-2141

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://rhn.redhat.com/errata/RHSA-2016-1334.html", "name": "RHSA-2016:1334", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "https://rhn.redhat.com/errata/RHSA-2016-1333.html", "name": "RHSA-2016:1333", "tags": ["Broken Link", "Vendor Advisory"], "refsource": "REDHAT"}, {"url": "https://issues.jboss.org/browse/JGRP-2021", "name": "https://issues.jboss.org/browse/JGRP-2021", "tags": ["Issue Tracking", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securitytracker.com/id/1036165", "name": "1036165", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "https://rhn.redhat.com/errata/RHSA-2016-1331.html", "name": "RHSA-2016:1331", "tags": ["Broken Link", "Vendor Advisory"], "refsource": "REDHAT"}, {"url": "https://rhn.redhat.com/errata/RHSA-2016-1329.html", "name": "RHSA-2016:1329", "tags": ["Broken Link", "Vendor Advisory"], "refsource": "REDHAT"}, {"url": "https://rhn.redhat.com/errata/RHSA-2016-1328.html", "name": "RHSA-2016:1328", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "https://rhn.redhat.com/errata/RHSA-2016-1332.html", "name": "RHSA-2016:1332", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "https://rhn.redhat.com/errata/RHSA-2016-1330.html", "name": "RHSA-2016:1330", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2016:1346", "name": "RHSA-2016:1346", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2016:1374", "name": "RHSA-2016:1374", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2016:1389", "name": "RHSA-2016:1389", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2016:1347", "name": "RHSA-2016:1347", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2016:1345", "name": "RHSA-2016:1345", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-1435.html", "name": "RHSA-2016:1435", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2016:1433", "name": "RHSA-2016:1433", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2016:1434", "name": "RHSA-2016:1434", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://www.securityfocus.com/bid/91481", "name": "91481", "tags": ["VDB Entry"], "refsource": "BID"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-1439.html", "name": "RHSA-2016:1439", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2016:1432", "name": "RHSA-2016:1432", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2016:1376", "name": "RHSA-2016:1376", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-2035.html", "name": "RHSA-2016:2035", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/ra18cac97416abc2958db0b107877c31da28d884fa6e70fd89c87384a@%3Cdev.geode.apache.org%3E", "name": "[geode-dev] 20200407 JGroups vulnerabilty", "tags": ["Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/rb37cc937d4fc026fb56de4b4ec0d054aa4083c1a4edd0d8360c068a0@%3Cdev.geode.apache.org%3E", "name": "[geode-dev] 20200407 Re: JGroups vulnerabilty", "tags": ["Third Party Advisory"], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "JGroups before 4.0 does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2016-2141", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2016-06-30T16:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:jgroups:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "4.0"}]}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-02-25T16:37Z"}