PT-2018-7124 · Red Hat · Red Hat Jboss Enterprise Application

Published

2018-07-27

Updated

2019-10-09

CVE-2017-2595

CVSS v3.1

7.7

High

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Red Hat JBoss Enterprise Application versions 6 and 7

Description: The log file viewer in the affected software allows an authenticated user to read arbitrary files via path traversal.

Recommendations: For Red Hat JBoss Enterprise Application versions 6 and 7, consider restricting access to the log file viewer until a patch is available. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of exploitation.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2017-2595

RHSA-2017:1410

RHSA-2017:1411

RHSA-2017:1412

RHSA-2017:1548

RHSA-2017:1549

RHSA-2017:1550

RHSA-2017:1552

RHSA-2017:3454

RHSA-2017:3455

RHSA-2017:3458

Affected Products

Red Hat Jboss Enterprise Application

PT-2018-7124 · Red Hat · Red Hat Jboss Enterprise Application

CVE-2017-2595

Weakness Enumeration

Related Identifiers

Affected Products

References · 18