SB2017062606 - Multiple vulnerabilities in Red Hat JBoss
Published: June 26, 2017
Security Bulletin ID
SB2017062606
Severity
Low
Patch available
YES
Number of vulnerabilities
3
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Path traversal (CVE-ID: CVE-2017-2595)
The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information.The weakness exists due to path traversal flaw in the log file viewer. A remote attacker can send specially crafted data and read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
2) Security restrictions bypass (CVE-ID: CVE-2016-5018)
The vulnerability allows an application to bypass security manager restrictions on the target system.The weakness improper access control. By invoking a certain Tomcat utility method, a malicious application can bypass a configured SecurityManager.
Successful exploitation of the vulnerability results in security bypass.
3) Security restrictions bypass (CVE-ID: CVE-2016-6796)
The vulnerability allows an application to bypass security manager restrictions on the target system.The weakness improper access control. By modifying of configuration parameters for the JSP Servlet, a malicious application can bypass a configured SecurityManager.
Successful exploitation of the vulnerability results in security bypass.
Remediation
Install update from vendor's website.