vulnerability
Red Hat JBoss EAP: CVE-2016-6311: Exposure of Sensitive Information to an Unauthorized Actor
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Jul 3, 2016 | Sep 19, 2024 | Jul 2, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Jul 3, 2016
Added
Sep 19, 2024
Modified
Jul 2, 2025
Description
Get requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers.. It was found that when issuing a GET request which results in a 302 redirect, and when the request header 'Host' field was not set, the response header field 'Location' contains the internal IP address of the server. An attacker could use this disclose information which they are not authorized to access.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-200
- CVE-2016-6311
- https://attackerkb.com/topics/CVE-2016-6311
- URL-https://access.redhat.com/security/cve/CVE-2016-6311
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=1362735
- URL-https://access.redhat.com/errata/RHSA-2017:3454
- URL-https://access.redhat.com/errata/RHSA-2017:3455
- URL-https://access.redhat.com/errata/RHSA-2017:3456
- URL-https://access.redhat.com/errata/RHSA-2017:3458
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.