Red Hat JBoss EAP: CVE-2016-7066: Incorrect Privilege Assignment

Severity: 6
CVSS: (AV:L/AC:L/Au:N/C:P/I:P/A:C)
Published: Dec 13, 2017
Added: Sep 19, 2024
Modified: Jul 2, 2025

Description

It was found that improper default permissions on the /tmp/auth directory in JBoss Enterprise Application Platform (EAP 7) before 7.1.0 can allow any local user to connect to the CLI and execute arbitrary operations.
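
A defender-side check for the condition described above, as an added example that is not part of the original advisory or of Red Hat's code: it reports whether the directory, or the files in it, are accessible to accounts other than the owner. The owner-only (0700) expectation, the function name `audit_auth_dir` and the optional `expected_uid` parameter are assumptions of this example.

```python
import os
import stat
import sys

# Assumption: the directory should be usable only by the account that runs
# the EAP server (mode 0700). The path is the one named in the advisory.
DEFAULT_AUTH_DIR = "/tmp/auth"


def audit_auth_dir(path=DEFAULT_AUTH_DIR, expected_uid=None):
    """Return a list of findings; an empty list means no issue was detected."""
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink placed at the path
    except FileNotFoundError:
        return []  # directory absent, nothing to audit
    if stat.S_ISLNK(st.st_mode):
        return [f"{path} is a symbolic link"]
    if not stat.S_ISDIR(st.st_mode):
        return [f"{path} is not a directory"]

    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path} has mode {mode:04o}; group/other access is set")
    if expected_uid is not None and st.st_uid != expected_uid:
        findings.append(f"{path} is owned by uid {st.st_uid}, expected {expected_uid}")

    try:
        entries = list(os.scandir(path))
    except PermissionError:
        entries = []  # the auditing account itself cannot list the directory
    for entry in entries:
        if entry.is_symlink():
            continue
        emode = stat.S_IMODE(entry.stat(follow_symlinks=False).st_mode)
        if emode & stat.S_IRWXO:
            findings.append(f"{entry.path} has mode {emode:04o}; accessible to other users")
    return findings


if __name__ == "__main__":
    results = audit_auth_dir()
    for line in results:
        print("FINDING:", line)
    sys.exit(1 if results else 0)
```

Run it as root or as the server account so the directory contents can be listed; a non-zero exit status means at least one finding.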

Solution

red-hat-jboss-eap-upgrade-latest