Search for vulnerabilities
Vulnerability details: VCID-rws9-7kwm-aaae
Vulnerability ID VCID-rws9-7kwm-aaae
Aliases CVE-2013-4112
GHSA-cc62-496p-hrr7
Summary Authentication via cached credentials The `DiagnosticsHandler` in this package allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-4112.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1207.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1208.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1209.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1437.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1771.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-0029.html
rhas Moderate https://access.redhat.com/errata/RHSA-2013:1207
rhas Moderate https://access.redhat.com/errata/RHSA-2013:1208
rhas Moderate https://access.redhat.com/errata/RHSA-2013:1209
rhas Important https://access.redhat.com/errata/RHSA-2013:1437
rhas Low https://access.redhat.com/errata/RHSA-2013:1771
rhas Important https://access.redhat.com/errata/RHSA-2014:0029
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.00632 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.01366 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.09005 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.09005 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.09005 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.09005 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.09005 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.09005 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.09005 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.09005 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.09005 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.09005 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.09005 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
epss 0.09005 https://api.first.org/data/v1/epss?cve=CVE-2013-4112
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=983489
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4112
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-cc62-496p-hrr7
cvssv2 5.4 https://nvd.nist.gov/vuln/detail/CVE-2013-4112
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-4112.html
http://rhn.redhat.com/errata/RHSA-2013-1207.html
http://rhn.redhat.com/errata/RHSA-2013-1208.html
http://rhn.redhat.com/errata/RHSA-2013-1209.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://rhn.redhat.com/errata/RHSA-2013-1771.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4112.json
https://api.first.org/data/v1/epss?cve=CVE-2013-4112
https://bugzilla.redhat.com/show_bug.cgi?id=983489
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4112
717031 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717031
cpe:2.3:a:jgroups:jgroup:3.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jgroups:jgroup:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:jgroups:jgroup:3.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jgroups:jgroup:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:jgroups:jgroup:3.0.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jgroups:jgroup:3.0.10:*:*:*:*:*:*:*
cpe:2.3:a:jgroups:jgroup:3.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jgroups:jgroup:3.0.11:*:*:*:*:*:*:*
cpe:2.3:a:jgroups:jgroup:3.0.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jgroups:jgroup:3.0.12:*:*:*:*:*:*:*
cpe:2.3:a:jgroups:jgroup:3.0.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jgroups:jgroup:3.0.13:*:*:*:*:*:*:*
cpe:2.3:a:jgroups:jgroup:3.0.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jgroups:jgroup:3.0.14:*:*:*:*:*:*:*
cpe:2.3:a:jgroups:jgroup:3.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jgroups:jgroup:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:jgroups:jgroup:3.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jgroups:jgroup:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:jgroups:jgroup:3.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jgroups:jgroup:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:jgroups:jgroup:3.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jgroups:jgroup:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:jgroups:jgroup:3.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jgroups:jgroup:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:jgroups:jgroup:3.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jgroups:jgroup:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:jgroups:jgroup:3.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jgroups:jgroup:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:jgroups:jgroup:3.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jgroups:jgroup:3.0.9:*:*:*:*:*:*:*
cpe:2.3:a:jgroups:jgroup:3.1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jgroups:jgroup:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:jgroups:jgroup:3.2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jgroups:jgroup:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:jgroups:jgroup:3.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jgroups:jgroup:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:jgroups:jgroup:3.2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jgroups:jgroup:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:jgroups:jgroup:3.2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jgroups:jgroup:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:jgroups:jgroup:3.2.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jgroups:jgroup:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:jgroups:jgroup:3.2.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jgroups:jgroup:3.2.5:*:*:*:*:*:*:*
cpe:2.3:a:jgroups:jgroup:3.2.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jgroups:jgroup:3.2.6:*:*:*:*:*:*:*
cpe:2.3:a:jgroups:jgroup:3.2.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jgroups:jgroup:3.2.7:*:*:*:*:*:*:*
cpe:2.3:a:jgroups:jgroup:3.2.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jgroups:jgroup:3.2.8:*:*:*:*:*:*:*
cpe:2.3:a:jgroups:jgroup:3.3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jgroups:jgroup:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:jgroups:jgroup:3.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jgroups:jgroup:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:jgroups:jgroup:3.3.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jgroups:jgroup:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.1.0:*:*:*:*:*:*:*
CVE-2013-4112 https://bugzilla.redhat.com/CVE-2013-4112
CVE-2013-4112 https://nvd.nist.gov/vuln/detail/CVE-2013-4112
GHSA-cc62-496p-hrr7 https://github.com/advisories/GHSA-cc62-496p-hrr7
RHSA-2013:1207 https://access.redhat.com/errata/RHSA-2013:1207
RHSA-2013:1208 https://access.redhat.com/errata/RHSA-2013:1208
RHSA-2013:1209 https://access.redhat.com/errata/RHSA-2013:1209
RHSA-2013:1437 https://access.redhat.com/errata/RHSA-2013:1437
RHSA-2013:1771 https://access.redhat.com/errata/RHSA-2013:1771
RHSA-2014:0029 https://access.redhat.com/errata/RHSA-2014:0029
No exploits are available.
Vector: AV:A/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2013-4112
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.6792
EPSS Score 0.00632
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.