PT-2018-7124 · Red Hat · Red Hat JBoss Enterprise Application

Published: 2018-07-27 · Updated: 2019-10-09 · CVE-2017-2595

CVSS v3.1: 7.7 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Red Hat JBoss Enterprise Application versions 6 and 7
Description: The log file viewer in the affected software allows an authenticated user to read arbitrary files via path traversal.
Recommendations: For Red Hat JBoss Enterprise Application versions 6 and 7, consider restricting access to the log file viewer until a patch is available. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2017-2595
RHSA-2017:1410
RHSA-2017:1411
RHSA-2017:1412
RHSA-2017:1548
RHSA-2017:1549
RHSA-2017:1550
RHSA-2017:1552
RHSA-2017:3454
RHSA-2017:3455
RHSA-2017:3458

Affected Products

Red Hat JBoss Enterprise Application