Unauthenticated Access to JGroups Diagnostics Service in Red Hat JBoss Portal

CVE-2013-2102 · LOW Severity

AV:A/AC:L/Au:N/C:P/I:N/A:N

The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the service.
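
An added example (not from the original advisory or from Red Hat): a configuration check that flags JGroups transports whose diagnostics service is left enabled without a passcode. It assumes the stack is defined in a JGroups XML file and that the transport attributes `enable_diagnostics` and `diagnostics_passcode` are available in the deployed JGroups version; the sample stacks are constructed.

```python
import xml.etree.ElementTree as ET

# JGroups transport protocols; the diagnostics settings live on the transport.
TRANSPORTS = {"UDP", "TCP", "TCP_NIO", "TCP_NIO2", "TUNNEL"}

def audit_stack(xml_text):
    """Return (transport, finding) pairs for diagnostics left open."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        name = elem.tag.rsplit("}", 1)[-1]  # drop XML namespace, if any
        if name not in TRANSPORTS:
            continue
        if elem.get("diagnostics_passcode", "").strip():
            continue  # probe requests must present a passcode
        raw = elem.get("enable_diagnostics")
        if raw is None:
            # Assumption: an unset attribute means the JGroups default (on).
            findings.append((name, "enabled by default"))
        elif raw.strip().startswith("${"):
            # Property placeholder: outcome depends on runtime properties.
            findings.append((name, "unresolved placeholder"))
        elif raw.strip().lower() != "false":
            findings.append((name, "enabled explicitly"))
    return findings

# Constructed sample stacks (not taken from any product distribution).
DEFAULT_STACK = (
    '<config xmlns="urn:org:jgroups">'
    '<UDP mcast_port="45588"/><PING/></config>'
)
HARDENED_STACK = (
    '<config xmlns="urn:org:jgroups">'
    '<UDP mcast_port="45588" enable_diagnostics="false"/><PING/></config>'
)
PLACEHOLDER_STACK = (
    '<config><TCP bind_port="7800" '
    'enable_diagnostics="${diag.enabled:true}"/></config>'
)

if __name__ == "__main__":
    for label, stack in [("default", DEFAULT_STACK),
                         ("hardened", HARDENED_STACK),
                         ("placeholder", PLACEHOLDER_STACK)]:
        print(label, audit_stack(stack))
```
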
