{ "threat_severity" : "Important", "public_date" : "2018-01-03T00:00:00Z", "bugzilla" : { "description" : "jboss: unsafe chown of server.log in jboss init script allows privilege escalation (Incomplete fix for CVE-2016-8656)", "id" : "1499631", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1499631" }, "cvss3" : { "cvss3_base_score" : "7.0", "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status" : "verified" }, "details" : [ "It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656.", "It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation." ], "affected_release" : [ { "product_name" : "Red Hat JBoss EAP 7", "release_date" : "2018-01-03T00:00:00Z", "advisory" : "RHSA-2018:0003", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7", "package" : "eap-parent" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date" : "2018-01-03T00:00:00Z", "advisory" : "RHSA-2018:0002", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date" : "2018-01-03T00:00:00Z", "advisory" : "RHSA-2018:0002", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date" : "2018-01-03T00:00:00Z", "advisory" : "RHSA-2018:0002", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date" : "2018-01-03T00:00:00Z", "advisory" : "RHSA-2018:0002", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date" : "2018-01-03T00:00:00Z", "advisory" : "RHSA-2018:0002", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date" : "2018-01-03T00:00:00Z", "advisory" : "RHSA-2018:0002", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date" : "2018-01-03T00:00:00Z", "advisory" : "RHSA-2018:0002", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date" : "2018-01-03T00:00:00Z", "advisory" : "RHSA-2018:0002", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date" : "2018-01-03T00:00:00Z", "advisory" : "RHSA-2018:0002", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date" : "2018-01-03T00:00:00Z", "advisory" : "RHSA-2018:0002", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date" : "2018-01-03T00:00:00Z", "advisory" : "RHSA-2018:0005", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package" : "eap7-jboss-ec2-eap-0:7.0.9-2.GA_redhat_2.ep7.el6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date" : "2018-01-03T00:00:00Z", "advisory" : "RHSA-2018:0004", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package" : "eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date" : "2018-01-03T00:00:00Z", "advisory" : "RHSA-2018:0004", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package" : "eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date" : "2018-01-03T00:00:00Z", "advisory" : "RHSA-2018:0004", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package" : "eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date" : "2018-01-03T00:00:00Z", "advisory" : "RHSA-2018:0004", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package" : "eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date" : "2018-01-03T00:00:00Z", "advisory" : "RHSA-2018:0004", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package" : "eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date" : "2018-01-03T00:00:00Z", "advisory" : "RHSA-2018:0004", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package" : "eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date" : "2018-01-03T00:00:00Z", "advisory" : "RHSA-2018:0004", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package" : "eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date" : "2018-01-03T00:00:00Z", "advisory" : "RHSA-2018:0004", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package" : "eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date" : "2018-01-03T00:00:00Z", "advisory" : "RHSA-2018:0004", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package" : "eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date" : "2018-01-03T00:00:00Z", "advisory" : "RHSA-2018:0004", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package" : "eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date" : "2018-01-03T00:00:00Z", "advisory" : "RHSA-2018:0005", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package" : "eap7-jboss-ec2-eap-0:7.0.9-2.GA_redhat_2.ep7.el7" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-12189\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12189" ], "name" : "CVE-2017-12189", "csaw" : false }