Unauthenticated Access to JGroups Diagnostics Service in Red Hat JBoss Portal
CVE-2013-2102 · LOW Severity
AV:A/AC:L/AU:N/C:P/I:N/A:N
The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the service.
Learn more about our Web Application Penetration Testing UK.