CVE-2017-12167
EAP-7: Wrong privileges on multiple property files
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system.
Se ha detectado en EAP 7 en versiones anteriores a la 7.0.9 que los archivos basados en propiedades de la administración y la configuración del dominio de la aplicación que contienen mapeo de usuario a rol son legibles para todos los usuarios, permitiendo el acceso a la información de usuarios y roles a todos los usuarios conectados al sistema.
It was found that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-08-01 CVE Reserved
- 2017-12-14 CVE Published
- 2023-07-20 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (12)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/100903 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2017:3454 | 2019-10-09 | |
https://access.redhat.com/errata/RHSA-2017:3455 | 2019-10-09 | |
https://access.redhat.com/errata/RHSA-2017:3456 | 2019-10-09 | |
https://access.redhat.com/errata/RHSA-2017:3458 | 2019-10-09 | |
https://access.redhat.com/errata/RHSA-2018:0002 | 2019-10-09 | |
https://access.redhat.com/errata/RHSA-2018:0003 | 2019-10-09 | |
https://access.redhat.com/errata/RHSA-2018:0004 | 2019-10-09 | |
https://access.redhat.com/errata/RHSA-2018:0005 | 2019-10-09 | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167 | 2019-10-09 | |
https://access.redhat.com/security/cve/CVE-2017-12167 | 2018-01-03 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1491612 | 2018-01-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | 7.1.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "7.1.0" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 6.0 Search vendor "Redhat" for product "Enterprise Linux" and version "6.0" | - |
Safe
|
Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | 7.1.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "7.1.0" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0" | - |
Safe
|
Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | 7.0.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "7.0.0" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 6.0 Search vendor "Redhat" for product "Enterprise Linux" and version "6.0" | - |
Safe
|
Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | 7.0.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "7.0.0" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0" | - |
Safe
|
Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | < 7.0.9 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version " < 7.0.9" | - |
Affected
|