CVE-2016-8656
jboss: jbossas: unsafe chown of server.log in jboss init script allows privilege escalation
Severity Score
7.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to an unsafe file handling in the jboss init script which could result in local privilege escalation.
Jboss jbossas en versiones anteriores a la 5.2.0-23, 6.4.13 y 7.0.5 es vulnerable a una gestión insegura de archivos en el script init de jboss, lo que podría resultar en un escalado de privilegios local.
It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-10-12 CVE Reserved
- 2017-02-03 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
- CWE-284: Improper Access Control
CAPEC
References (15)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/96035 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2017-0244.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2017-0245.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2017-0246.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2017-0250.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2017-0831.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2017-0832.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2017-0834.html | 2023-11-07 | |
https://access.redhat.com/errata/RHSA-2017:3454 | 2023-11-07 | |
https://access.redhat.com/errata/RHSA-2017:3455 | 2023-11-07 | |
https://access.redhat.com/errata/RHSA-2017:3458 | 2023-11-07 | |
https://access.redhat.com/errata/RHSA-2018:1609 | 2023-11-07 | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8656 | 2023-11-07 | |
https://access.redhat.com/security/cve/CVE-2016-8656 | 2018-05-17 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1400344 | 2018-05-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | 5.0.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "5.0.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | 6.0.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "6.0.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | 6.4.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "6.4.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | 7.0.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "7.0.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | 7.1.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "7.1.0" | - |
Affected
|