CVE-2016-8656

HIGH

Jboss <5.2.0-23, 6.4.13, 7.0.5 - Privilege Escalation

Title source: llm
STIX 2.1

Description

Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to an unsafe file handling in the jboss init script which could result in local privilege escalation.

References (13)

Core 13
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0250.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0831.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0834.html
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:3458
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1609
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0832.html
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8656
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/96035
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0244.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0246.html
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:3455
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:3454
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0245.html

Scores

CVSS v3 7.0
EPSS 0.0037
EPSS Percentile 28.6%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-264 CWE-284
Status published
Products (5)
redhat/jboss_enterprise_application_platform 5.0.0
redhat/jboss_enterprise_application_platform 6.0.0
redhat/jboss_enterprise_application_platform 6.4.0
redhat/jboss_enterprise_application_platform 7.0.0
redhat/jboss_enterprise_application_platform 7.1.0
Published May 22, 2018
Tracked Since Feb 18, 2026