Vulnerability Name: | CVE-2019-3805 (CCN-160614)
Assigned: | 2019-05-03
Published: | 2019-05-03
Updated: | 2020-10-16
Summary: | A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute the init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/, allowing the init.d script to terminate any process as root.
CVSS v3 Severity: | 4.7 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)
4.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)
4.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)
CVSS v2 Severity: | 4.7 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C)
Vulnerability Type: | CWE-269, CWE-364
Vulnerability Consequences: | Bypass Security
References: |
Source: MITRE Type: CNA CVE-2019-3805
Source: REDHAT Type: Vendor Advisory RHSA-2019:1106
Source: REDHAT Type: Vendor Advisory RHSA-2019:1107
Source: REDHAT Type: Vendor Advisory RHSA-2019:1108
Source: REDHAT Type: Vendor Advisory RHSA-2019:1140
Source: REDHAT Type: Vendor Advisory RHSA-2019:2413
Source: REDHAT Type: Vendor Advisory RHSA-2020:0727
Source: CCN Type: Red Hat Bugzilla Bug 1660263 (CVE-2019-3805) - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users
Source: CONFIRM Type: Issue Tracking, Vendor Advisory https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3805
Source: XF Type: UNKNOWN wildfly-cve20193805-dos(160614)
Source: CONFIRM Type: Third Party Advisory https://security.netapp.com/advisory/ntap-20190517-0004/
Source: CCN Type: Wildfly Web site Wildfly
Vulnerable Configuration: | Configuration 1: