CVE-2013-4112
EPSS 1.3%Exposure of Sensitive Information to an Unauthorized Actor in JGroup
Published: 5/17/2022Modified: 4/28/2026
Also known as:DEBIAN-CVE-2013-4112
Description
The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.
Affected packages (2)
- Debian/libjgroups-javafrom 0, < 2.12.2.Final-4
- Maven/org.jgroups:jgroups>= 3.0.0, < 3.2.9.Final
References (9)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2013-4112
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-4112
- WEBhttp://rhn.redhat.com/errata/RHSA-2013-1207.html
- WEBhttp://rhn.redhat.com/errata/RHSA-2013-1208.html
- WEBhttp://rhn.redhat.com/errata/RHSA-2013-1209.html
- WEBhttp://rhn.redhat.com/errata/RHSA-2013-1437.html
- WEBhttp://rhn.redhat.com/errata/RHSA-2013-1771.html
- WEBhttp://rhn.redhat.com/errata/RHSA-2014-0029.html
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=983489