CVE Vulnerabilities

CVE-2017-12189

Published: Jan 10, 2018 | Modified: Oct 09, 2019
CVSS 3.x: 7.8 HIGH
Source: NVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x: 4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3: 7 IMPORTANT
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Ubuntu

It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656.

Affected Software

Name | Vendor | Start Version | End Version
Jboss_enterprise_application_platform | Redhat | 7.0 (including) | 7.0 (including)
Red Hat JBoss EAP 7 | RedHat | jbossas | *
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 | RedHat | eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6 | *
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 | RedHat | eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6 | *
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 | RedHat | eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6 | *
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 | RedHat | eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6 | *
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 | RedHat | eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6 | *
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 | RedHat | eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6 | *
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 | RedHat | eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6 | *
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 | RedHat | eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6 | *
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 | RedHat | eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6 | *
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 | RedHat | eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6 | *
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 | RedHat | eap7-jboss-ec2-eap-0:7.0.9-2.GA_redhat_2.ep7.el6 | *
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 | RedHat | eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el7 | *
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 | RedHat | eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el7 | *
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 | RedHat | eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el7 | *
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 | RedHat | eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el7 | *
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 | RedHat | eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el7 | *
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 | RedHat | eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el7 | *
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 | RedHat | eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el7 | *
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 | RedHat | eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el7 | *
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 | RedHat | eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el7 | *
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 | RedHat | eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el7 | *
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 | RedHat | eap7-jboss-ec2-eap-0:7.0.9-2.GA_redhat_2.ep7.el7 | *

References