Описание
A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Issue TrackingVendor Advisory
- Third Party Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Issue TrackingVendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
EPSS
5.5 Medium
CVSS3
4.7 Medium
CVSS3
4.7 Medium
CVSS2
Дефекты
Связанные уязвимости
A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.
A flaw was discovered in wildfly versions up to 16.0.0.Final that woul ...
A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.
Уязвимость Java-сервера приложений WildFly, вызванная ошибками синхронизации при использовании общего ресурса, позволяющая нарушителю завершать произвольные процессы в системе
EPSS
5.5 Medium
CVSS3
4.7 Medium
CVSS3
4.7 Medium
CVSS2