#VU7202 Path traversal in JBoss Enterprise Application Platform and JBoss Application Server
Vulnerability identifier: #VU7202
Vulnerability risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-22
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
JBoss Enterprise Application Platform
Server applications /
Application servers
JBoss Application Server
Server applications /
Application servers
Vendor: Red Hat Inc.
Description
The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information.
The weakness exists due to path traversal flaw in the log file viewer. A remote attacker can send specially crafted data and read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
Mitigation
Install update from vendor's website.
Vulnerable software versions
JBoss Enterprise Application Platform: 7.0.0
JBoss Application Server: EAP 6
External links
http://access.redhat.com/errata/RHSA-2017:1549
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
