Description
Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to unsafe file handling in the jboss init script which could result in local privilege escalation.
It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.
Report
It was found that a variant of the Tomcat CVE-2016-1240 exploit is also applicable to Red Hat JBoss Enterprise Application Platform 5, 6, and 7. CVE-2016-8656 addresses these problems with JBoss EAP. The issue is now corrected in the various versions of Red Hat JBoss Enterprise Application Platform including EAP 6.4.13 and EAP 7.0.5. For further information please refer to https://access.redhat.com/articles/3016681
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Application Platform 6 | jboss | Will not fix | | |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 | jbossas | Fixed | RHSA-2018:1609 | 17.05.2018 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 | jbossas | Fixed | RHSA-2018:1609 | 17.05.2018 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | apache-cxf | Fixed | RHSA-2017:0246 | 02.02.2017 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | hornetq | Fixed | RHSA-2017:0246 | 02.02.2017 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | infinispan | Fixed | RHSA-2017:0246 | 02.02.2017 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | jboss-as-appclient | Fixed | RHSA-2017:0246 | 02.02.2017 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | jbossas-appclient | Fixed | RHSA-2017:0246 | 02.02.2017 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | jbossas-bundles | Fixed | RHSA-2017:0246 | 02.02.2017 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | jboss-as-cli | Fixed | RHSA-2017:0246 | 02.02.2017 |
Additional information
EPSS
7 High
CVSS3
6.9 Medium
CVSS2