Description
It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Single Sign-On 7 | wildfly | Under investigation | | |
| Red Hat JBoss EAP 7 | | Fixed | RHSA-2017:1409 | 07.06.2017 |
| Red Hat JBoss EAP 7 | | Fixed | RHSA-2017:3456 | 13.12.2017 |
| Red Hat JBoss Enterprise Application Platform 6.4 | | Fixed | RHSA-2017:1551 | 20.06.2017 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | hornetq | Fixed | RHSA-2017:1550 | 20.06.2017 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | ironjacamar-eap6 | Fixed | RHSA-2017:1550 | 20.06.2017 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | jboss-as-appclient | Fixed | RHSA-2017:1550 | 20.06.2017 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | jbossas-appclient | Fixed | RHSA-2017:1550 | 20.06.2017 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | jbossas-bundles | Fixed | RHSA-2017:1550 | 20.06.2017 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | jboss-as-cli | Fixed | RHSA-2017:1550 | 20.06.2017 |
Additional information
Status:
Moderate
Defect:
CWE-22
https://bugzilla.redhat.com/show_bug.cgi?id=1413028 wildfly: Arbitrary file read via path traversal
EPSS
Percentile: 78%
0.01165
Low
7.7 High
CVSS3
Related vulnerabilities
CVSS3: 7.7
nvd
more than 7 years ago
It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal.
CVSS3: 7.7
debian
more than 7 years ago
It was found that the log file viewer in Red Hat JBoss Enterprise Appl ...
CVSS3: 6.5
github
more than 3 years ago
It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal.