Vulnerability Name:

CVE-2017-2595 (CCN-127532)

Assigned: 2016-12-01
Published: 2017-06-07
Updated: 2019-10-09
Summary: It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows an authenticated user to read arbitrary files via path traversal.
CVSS v3 Severity: 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): None
Availability (A): None
7.7 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
6.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-22
Vulnerability Consequences: Obtain Information
References: Source: MITRE
Type: CNA
CVE-2017-2595

Source: REDHAT
Type: Vendor Advisory
RHSA-2017:1409

Source: REDHAT
Type: Vendor Advisory
RHSA-2017:1551

Source: BID
Type: Third Party Advisory, VDB Entry
98967

Source: CCN
Type: BID-98967
Red Hat Wildfly CVE-2017-2595 Directory Traversal Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1038757

Source: REDHAT
Type: Vendor Advisory
RHSA-2017:1410

Source: REDHAT
Type: Vendor Advisory
RHSA-2017:1411

Source: REDHAT
Type: Vendor Advisory
RHSA-2017:1412

Source: REDHAT
Type: Vendor Advisory
RHSA-2017:1548

Source: REDHAT
Type: Vendor Advisory
RHSA-2017:1549

Source: REDHAT
Type: Vendor Advisory
RHSA-2017:1550

Source: REDHAT
Type: Vendor Advisory
RHSA-2017:1552

Source: REDHAT
Type: Vendor Advisory
RHSA-2017:3454

Source: REDHAT
Type: Vendor Advisory
RHSA-2017:3455

Source: REDHAT
Type: Vendor Advisory
RHSA-2017:3456

Source: REDHAT
Type: Vendor Advisory
RHSA-2017:3458

Source: CCN
Type: Red Hat Bugzilla – Bug 1413028
(CVE-2017-2595) CVE-2017-2595 wildfly: Arbitrary file read via path traversal

Source: CONFIRM
Type: Issue Tracking, Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2595

Source: XF
Type: UNKNOWN
jboss-cve20172595-dir-trav(127532)

Vulnerable Configuration: Configuration 1:
  • cpe:/a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable