CVE-2017-2595 — Path Traversal in Redhat Jboss Enterprise Application Platform

CWE-22 — Path Traversal5 documents5 sources

Severity

6.5MEDIUMNVD

CNA7.7

EPSS

1.1%

top 21.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Enterprise Application Platform

Timeline

PublishedJul 27

Latest updateMay 13

Description

It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDredhat/jboss_enterprise_application_platform4 versions+3

🔴Vulnerability Details

GHSA

GHSA-94q8-x74c-h24h: It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traver↗2022-05-13

▶

CVEList

CVE-2017-2595: It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traver↗2018-07-27

▶

📋Vendor Advisories

Red Hat

wildfly: Arbitrary file read via path traversal↗2017-06-07

▶

💬Community

Bugzilla

CVE-2017-2595 wildfly: Arbitrary file read via path traversal↗2017-01-13

▶