Main Vulnerability Database Vulnerabilities #VU36708

Input validation error in JBoss Enterprise Application Platform - CVE-2016-7066

Published: September 11, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36708

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-7066

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Red Hat Inc.

Affected software:
JBoss Enterprise Application Platform

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations.

How to mitigate CVE-2016-7066

Install update from vendor's website.

Sources

https://access.redhat.com/errata/RHSA-2017:3456
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7066

Input validation error in JBoss Enterprise Application Platform - CVE-2016-7066

Detailed vulnerability description

How to mitigate CVE-2016-7066

Sources

Please verify you're human