MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2019-3805

CVSS 4.7v3.1pub. 2019-05-03upd. 2024-11-21

A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.

CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • Red Hat Jboss Enterprise Application Platform

    APP
    Redhat
    6.0.07.0.0
  • Red Hat Wildfly

    APP
    Redhat
    ≤ 16.0.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2017-12149CRITICAL9.8⚠ KEVten sam produkt

In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the...

CVE-2025-12543CRITICAL9.6PL ✓ten sam produkt

Brak walidacji nagłówka Host w serwerze Undertow HTTP

CVE-2019-14887CRITICAL9.1ten sam produkt

A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the ...

CVE-2019-14892CRITICAL9.8ten sam produkt

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would perm...

CVE-2019-20444CRITICAL9.1ten sam produkt

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpr...