Published: 31/07/2018 Updated: 12/02/2023

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Subscribe to Jboss Enterprise Application Platform

It exists that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root:jboss, 664). On systems using classic /etc/init.d init scripts (i.e. on Red Hat Enterprise Linux 6 and previous versions), the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat jboss_enterprise_application_platform 6.0.0
redhat jboss_enterprise_application_platform 6.4.0
redhat jboss_enterprise_application_platform 5.0.0

Synopsis Important: Red Hat JBoss Enterprise Application Platform 6414 update on RHEL 7 Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 64 for RHEL 7Red Hat Product Security has rated this update as having a security impact of ...

Synopsis Important: Red Hat JBoss Enterprise Application Platform security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 5 for Red Hat Enterprise Linux 5 and Red Hat JBoss Enterprise Application Platform 5 for Red Hat Ent ...

Synopsis Important: Red Hat JBoss Enterprise Application Platform 6414 update on RHEL 6 Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 64 for RHEL 6Red Hat Product Security has rated this update as having a security impact of ...

Synopsis Important: Red Hat JBoss Enterprise Application Platform 6414 update on RHEL 5 Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 64 for RHEL 5Red Hat Product Security has rated this update as having a security impact of ...

Synopsis Important: jboss-ec2-eap security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 64 for RHEL 6Red Hat Product Security has rated this update as having a security impac ...

It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files The file is writable to jboss group (root:jboss, 664) On systems using classic /etc/initd init scripts (ie on Red Hat Enterprise Linux 6 and earlier), the file is sourced by the jboss init ...

CWE-264 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8657 https://access.redhat.com/errata/RHSA-2018:1609 http://www.securityfocus.com/bid/96896 http://rhn.redhat.com/errata/RHSA-2017-0829.html http://rhn.redhat.com/errata/RHSA-2017-0828.html http://rhn.redhat.com/errata/RHSA-2017-0827.html http://rhn.redhat.com/errata/RHSA-2017-0826.html https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2017:0828

CVE-2016-8657

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect