Vulnerability Name: CVE-2015-5304 (CCN-108531)
Assigned: 2015-12-03
Published: 2015-12-03
Updated: 2015-12-17
Summary: Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecified vectors.
CVSS v3 Severity:
  4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
  3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
CVSS v2 Severity: 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P)
Vulnerability Type: CWE-264
Vulnerability Consequences: Denial of Service
References:
  Source: MITRE Type: CNA CVE-2015-5304
  Source: REDHAT Type: Vendor Advisory RHSA-2015:2538
  Source: REDHAT Type: Vendor Advisory RHSA-2015:2539
  Source: REDHAT Type: Vendor Advisory RHSA-2015:2540
  Source: REDHAT Type: Vendor Advisory RHSA-2015:2541
  Source: REDHAT Type: Vendor Advisory RHSA-2015:2542
  Source: CCN Type: SECTRACK ID: 1034280 Red Hat JBoss Enterprise Application Platform Lets Remote Authenticated Users Deny Service
  Source: CCN Type: Red Hat Web site Red Hat JBoss Enterprise Application Platform
  Source: SECTRACK Type: UNKNOWN 1034280
  Source: CONFIRM Type: Vendor Advisory https://bugzilla.redhat.com/show_bug.cgi?id=1273046
  Source: XF Type: UNKNOWN redhat-jbosseap-cve20155304-dos(108531)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: