CVE-2017-12189 — Improper Ownership Management in HAT INC RED HAT Jboss Enterprise Application Platform

CWE-282 — Improper Ownership Management5 documents5 sources

Severity

7.8HIGHNVD

CNA7.0

EPSS

0.0%

top 84.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

RED HAT INC RED HAT Jboss Enterprise Application Platform Redhat Enterprise Linux Redhat Jboss Enterprise Application Platform

Timeline

PublishedJan 10

Latest updateMay 13

Description

It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDredhat/jboss_enterprise_application_platform7.0

▶CVEListV5red_hat_inc/red_hat_jboss_enterprise_application_platform7.0.7.GA

Also affects: Enterprise Linux 6.0, 7.0

Patches

Patch: access.redhat.com ↗Patch: access.redhat.com ↗Patch: access.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-g689-52m8-86fh: It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7↗2022-05-13

▶

CVEList

CVE-2017-12189: It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7↗2018-01-10

▶

📋Vendor Advisories

Red Hat

jboss: unsafe chown of server.log in jboss init script allows privilege escalation (Incomplete fix for CVE-2016-8656)↗2018-01-03

▶

💬Community

Bugzilla

CVE-2017-12189 jboss: unsafe chown of server.log in jboss init script allows privilege escalation (Incomplete fix for CVE-2016-8656)↗2017-10-09

▶