Critical severity9.8NVD Advisory· Published Jun 30, 2016· Updated Jun 17, 2026
CVE-2016-2141
CVE-2016-2141
Description
It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jgroups:jgroupsMaven | >= 3.3.0.Alpha1, < 3.6.10.Final | 3.6.10.Final |
org.jgroups:jgroupsMaven | < 3.2.16.Final | 3.2.16.Final |
Affected products
5cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
34- www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlnvdPatchThird Party AdvisoryWEB
- rhn.redhat.com/errata/RHSA-2016-1435.htmlnvdVendor AdvisoryWEB
- rhn.redhat.com/errata/RHSA-2016-1439.htmlnvdVendor AdvisoryWEB
- rhn.redhat.com/errata/RHSA-2016-2035.htmlnvdVendor AdvisoryWEB
- www.securitytracker.com/id/1036165nvdBroken LinkThird Party AdvisoryVDB Entry
- access.redhat.com/errata/RHSA-2016:1345nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2016:1346nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2016:1347nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2016:1374nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2016:1376nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2016:1389nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2016:1432nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2016:1433nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2016:1434nvdVendor AdvisoryWEB
- github.com/advisories/GHSA-rc7h-x6cq-988qghsaADVISORY
- issues.jboss.org/browse/JGRP-2021nvdIssue TrackingVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2016-2141ghsaADVISORY
- rhn.redhat.com/errata/RHSA-2016-1328.htmlnvdVendor AdvisoryWEB
- rhn.redhat.com/errata/RHSA-2016-1329.htmlnvdBroken LinkVendor AdvisoryWEB
- rhn.redhat.com/errata/RHSA-2016-1330.htmlnvdVendor AdvisoryWEB
- rhn.redhat.com/errata/RHSA-2016-1331.htmlnvdBroken LinkVendor AdvisoryWEB
- rhn.redhat.com/errata/RHSA-2016-1332.htmlnvdVendor AdvisoryWEB
- rhn.redhat.com/errata/RHSA-2016-1333.htmlnvdBroken LinkVendor AdvisoryWEB
- rhn.redhat.com/errata/RHSA-2016-1334.htmlnvdVendor AdvisoryWEB
- www.securityfocus.com/bid/91481nvdVDB Entry
- github.com/belaban/JGroups/commit/eeaf5241cce464ef21a2dfc4938729ade9ebef36ghsaWEB
- issues.redhat.com/browse/JGRP-2055ghsaWEB
- issues.redhat.com/browse/JGRP-2074ghsaWEB
- lists.apache.org/thread.html/ra18cac97416abc2958db0b107877c31da28d884fa6e70fd89c87384a@%3Cdev.geode.apache.org%3EghsaWEB
- lists.apache.org/thread.html/rb37cc937d4fc026fb56de4b4ec0d054aa4083c1a4edd0d8360c068a0@%3Cdev.geode.apache.org%3EghsaWEB
- web.archive.org/web/20161013163606/http://www.securityfocus.com/bid/91481ghsaWEB
- web.archive.org/web/20201207092245/http://www.securitytracker.com/id/1036165ghsaWEB
- lists.apache.org/thread.html/ra18cac97416abc2958db0b107877c31da28d884fa6e70fd89c87384a%40%3Cdev.geode.apache.org%3Envd
- lists.apache.org/thread.html/rb37cc937d4fc026fb56de4b4ec0d054aa4083c1a4edd0d8360c068a0%40%3Cdev.geode.apache.org%3Envd
News mentions
0No linked articles in our index yet.