CVE-2016-8627 — Uncontrolled Resource Consumption in Redhat Jboss Enterprise Application Platform

CWE-400 — Uncontrolled Resource Consumption5 documents5 sources

Severity

6.5MEDIUMNVD

CNA4.3

EPSS

0.8%

top 25.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Enterprise Application Platform

Timeline

PublishedMay 11

Latest updateMay 13

Description

admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDredhat/jboss_enterprise_application_platform6.4.0, 7.0.0, 7.1.0+2

🔴Vulnerability Details

GHSA

GHSA-wmq3-659r-46hg: admin-cli before versions 3↗2022-05-13

▶

CVEList

CVE-2016-8627: admin-cli before versions 3↗2018-05-11

▶

📋Vendor Advisories

Red Hat

admin-cli: Potential EAP resource starvation DOS attack via GET requests for server log files↗2017-01-18

▶

💬Community

Bugzilla

CVE-2016-8627 admin-cli: Potential EAP resource starvation DOS attack via GET requests for server log files↗2016-10-24

▶