CVE-2019-3805

5.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Wildfly
Vendor: CVE Published:; 3 May 2019

Summary

A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.

Affected Version(s)

wildfly affects up to 16.0.0.Final

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3805

x_refsource_CONFIRM

https://access.redhat.com/errata/RHSA-2019:1107

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2019:1108

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 3, 2019
Vulnerability Reserved
Jan 3, 2019

.