CVE-2020-14317
MEDIUMJBoss Enterprise Application Platform - Signal Handler Race Condition via PID File Modification
Title source: llmDescription
It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) introducing regression. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.
References (1)
Core 1
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1854251
Scores
CVSS v3
5.5
EPSS
0.0003
EPSS Percentile
8.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-364
Status
published
Products (2)
redhat/jboss_enterprise_application_platform
redhat/wildfly
Published
Jun 02, 2021
Tracked Since
Feb 18, 2026