A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.
oryginał ENCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HRed Hat Jboss Enterprise Application Platform
APPRedhat6.0.07.0.0Red Hat Wildfly
APPRedhat≤ 16.0.0
Powiązane podatności
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the...
Brak walidacji nagłówka Host w serwerze Undertow HTTP
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the ...
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would perm...
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpr...