Rapid7 Vulnerability & Exploit Database

Red Hat JBoss EAP: Improper Privilege Management (CVE-2019-3805)


Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Published: 05/03/2019
Created: 11/23/2019
Added: 11/14/2019
Modified: 10/19/2020

Description

A flaw was discovered in WildFly versions up to 16.0.0.Final that would allow local users who are able to execute the init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/, causing the init.d script to terminate any process as root.
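
The condition described above can be audited before a privileged script acts on a PID file. The following is an added example, not Rapid7, Red Hat or WildFly code: it rejects a PID file that a user other than the trusted one could have modified. The function names and the sample path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code). Function names and paths are assumptions.

# path_is_tight PATH UID: true if PATH is owned by UID and is not
# writable by group or other.
path_is_tight() {
    info=$(ls -ldn -- "$1" 2>/dev/null) || return 1
    mode=$(printf '%s\n' "$info" | awk '{print $1}')
    owner=$(printf '%s\n' "$info" | awk '{print $3}')
    [ "$owner" = "$2" ] || return 1
    # In "drwxr-xr-x", character 6 is group-write, character 9 is other-write.
    case "$mode" in
        ?????w*|????????w*) return 1 ;;
    esac
    return 0
}

# check_pidfile PIDFILE TRUSTED_UID: prints "ok" and returns 0 only if a
# privileged script can trust the file; otherwise prints the reason and
# returns 1. TRUSTED_UID would be 0 for a script that runs as root.
check_pidfile() {
    pidfile=$1
    trusted=$2
    if [ -L "$pidfile" ] || [ ! -f "$pidfile" ]; then
        echo "not a regular file"; return 1
    fi
    if ! path_is_tight "$(dirname "$pidfile")" "$trusted"; then
        echo "directory can be modified by an untrusted user"; return 1
    fi
    if ! path_is_tight "$pidfile" "$trusted"; then
        echo "pid file can be modified by an untrusted user"; return 1
    fi
    pid=$(cat "$pidfile")
    case "$pid" in
        ''|*[!0-9]*) echo "content is not a single PID"; return 1 ;;
    esac
    # PIDs 0 and 1 would signal the caller's process group or init.
    if ! [ "$pid" -gt 1 ] 2>/dev/null; then
        echo "refusing PID $pid"; return 1
    fi
    echo "ok"
}

# Usage (constructed sample path): check_pidfile /var/run/example/app.pid 0
```

The check covers only the PID file and its immediate parent directory; a script that passes it should still confirm that the PID belongs to the expected service before sending a signal.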

Solution(s)

  • red-hat-jboss-eap-upgrade-7_2_1
