Vulnerability Name: CVE-2016-8656 (CCN-121691)
Assigned: 2016-10-12
Published: 2017-02-02
Updated: 2019-10-09
Summary: Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to unsafe file handling in the jboss init script, which could result in local privilege escalation.
CVSS v3 Severity:
7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
6.1 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
CVSS v2 Severity:
4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-264
Vulnerability Consequences: Gain Privileges
References:
Source: MITRE Type: CNA CVE-2016-8656
Source: CCN Type: RHSA-2017-0244 Important: Red Hat JBoss Enterprise Application Platform security update
Source: REDHAT Type: Vendor Advisory RHSA-2017:0244
Source: CCN Type: RHSA-2017-0245 Important: Red Hat JBoss Enterprise Application Platform security update
Source: REDHAT Type: Vendor Advisory RHSA-2017:0245
Source: CCN Type: RHSA-2017-0246 Important: Red Hat JBoss Enterprise Application Platform security update
Source: REDHAT Type: Vendor Advisory RHSA-2017:0246
Source: CCN Type: RHSA-2017-0247 Important: Red Hat JBoss Enterprise Application Platform security update
Source: CCN Type: RHSA-2017-0250 Important: jboss-ec2-eap security, bug fix, and enhancement update
Source: REDHAT Type: Vendor Advisory RHSA-2017:0250
Source: CCN Type: RHSA-2017-0831 Important: JBoss Enterprise Application Platform 7.0.5 on RHEL 6
Source: REDHAT Type: Vendor Advisory RHSA-2017:0831
Source: CCN Type: RHSA-2017-0832 Important: JBoss Enterprise Application Platform 7.0.5 on RHEL 7
Source: REDHAT Type: Vendor Advisory RHSA-2017:0832
Source: CCN Type: RHSA-2017-0834 Important: jboss-ec2-eap package for EAP 7.0.5
Source: REDHAT Type: Vendor Advisory RHSA-2017:0834
Source: BID Type: Third Party Advisory, VDB Entry 96035
Source: CCN Type: BID-96035 Red Hat JBoss Enterprise Application Platform CVE-2016-8656 Local Privilege Escalation Vulnerability
Source: REDHAT Type: Vendor Advisory RHSA-2017:3454
Source: REDHAT Type: Vendor Advisory RHSA-2017:3455
Source: REDHAT Type: Vendor Advisory RHSA-2017:3458
Source: REDHAT Type: Vendor Advisory RHSA-2018:1609
Source: CCN Type: Red Hat Bugzilla Bug 1400344 (CVE-2016-8656) CVE-2016-8656 jboss: jbossas: unsafe chown of server.log in jboss init script allows privilege escalation
Source: CONFIRM Type: Issue Tracking, Vendor Advisory https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8656
Source: XF Type: UNKNOWN redhat-cve20168656-priv-esc(121691)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable