CVE-2016-7041
Workbench: Path traversal vulnerability
Severity Score
6.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Drools Workbench contains a path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected host.
Drools Workbench contiene una vulnerabilidad de salto de directorio. La vulnerabilidad permite que un atacante autenticado remoto omita las restricciones del directorio y recupere archivos arbitrarios desde el host afectado
Drools Workbench contains the path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected host.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-08-23 CVE Reserved
- 2016-11-29 CVE Published
- 2024-06-25 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/94566 | Third Party Advisory | |
| http://www.securitytracker.com/id/1037406 | Third Party Advisory | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7041 | Issue Tracking |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2016-2822.html | 2023-02-12 | |
| http://rhn.redhat.com/errata/RHSA-2016-2823.html | 2023-02-12 | |
| http://rhn.redhat.com/errata/RHSA-2016-2937.html | 2023-02-12 | |
| http://rhn.redhat.com/errata/RHSA-2016-2938.html | 2023-02-12 | |
| https://access.redhat.com/security/cve/CVE-2016-7041 | 2016-12-08 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1375757 | 2016-12-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Jboss Brms Search vendor "Redhat" for product "Jboss Brms" | 6.3 Search vendor "Redhat" for product "Jboss Brms" and version "6.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Drools Search vendor "Redhat" for product "Jboss Drools" | - | - |
Affected
| ||||||