It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) introducing regression. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.
oryginał ENCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HRed Hat Jboss Enterprise Application Platform
APPRedhatwszystkie wersjeRed Hat Wildfly
APPRedhatwszystkie wersje
Powiązane podatności
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the...
Brak walidacji nagłówka Host w serwerze Undertow HTTP
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the ...
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would perm...
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpr...