CVE-2016-2141

9.8 CRITICAL

Published: June 30, 2016 Modified: May 06, 2026

Description

It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-1435.html

Source: secalert@redhat.com

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2016-1439.html

Source: secalert@redhat.com

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2016-2035.html

Source: secalert@redhat.com

Vendor Advisory

http://www.securityfocus.com/bid/91481

Source: secalert@redhat.com

VDB Entry

http://www.securitytracker.com/id/1036165

Source: secalert@redhat.com

Broken Link Third Party Advisory VDB Entry

https://access.redhat.com/errata/RHSA-2016:1345

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1346

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1347

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1374

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1376

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1389

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1432

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1433

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1434

Source: secalert@redhat.com

Vendor Advisory

https://issues.jboss.org/browse/JGRP-2021

Source: secalert@redhat.com

Issue Tracking Vendor Advisory

https://lists.apache.org/thread.html/ra18cac97416abc2958db0b107877c31da28d884fa6e70fd89c87384a%40%3Cdev.geode.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rb37cc937d4fc026fb56de4b4ec0d054aa4083c1a4edd0d8360c068a0%40%3Cdev.geode.apache.org%3E

Source: secalert@redhat.com

https://rhn.redhat.com/errata/RHSA-2016-1328.html

Source: secalert@redhat.com

Vendor Advisory

https://rhn.redhat.com/errata/RHSA-2016-1329.html

Source: secalert@redhat.com

Broken Link Vendor Advisory

https://rhn.redhat.com/errata/RHSA-2016-1330.html

Source: secalert@redhat.com

Vendor Advisory

https://rhn.redhat.com/errata/RHSA-2016-1331.html

Source: secalert@redhat.com

Broken Link Vendor Advisory

https://rhn.redhat.com/errata/RHSA-2016-1332.html

Source: secalert@redhat.com

Vendor Advisory

https://rhn.redhat.com/errata/RHSA-2016-1333.html

Source: secalert@redhat.com

Broken Link Vendor Advisory

https://rhn.redhat.com/errata/RHSA-2016-1334.html

Source: secalert@redhat.com

Vendor Advisory

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Source: secalert@redhat.com

Patch Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-1435.html