Local Privilege Escalation Vulnerability in WildFly by Red Hat
CVE-2019-3805

5.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Wildfly
Vendor: CVE Published:; 3 May 2019

🔔 Create Red Hat Vulnerability Alert

What is CVE-2019-3805?

A vulnerability in WildFly, up to version 16.0.0.Final, allows local users with permission to execute init.d scripts to influence process management on the system. By manipulating the PID file located in /var/run/jboss-eap/, an attacker could exploit this flaw to terminate any process as root, leading to potential system control.

Affected Version(s)

wildfly affects up to 16.0.0.Final

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3805

x_refsource_CONFIRM

https://access.redhat.com/errata/RHSA-2019:1107

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2019:1108

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 3, 2019
Vulnerability Reserved
Jan 3, 2019

.