CVE-2019-3805

medium

Description

A flaw was discovered in WildFly versions up to 16.0.0.Final that would allow local users who are able to execute the init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/, causing the init.d script to terminate any process as root.
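A defensive check for this class of flaw, as an added example that is not WildFly or Red Hat code: before a root-run init script signals anything, it verifies that the PID file and its directory are not writable by other users, that the content is a plain PID, and that the process runs under the expected service UID. The function names, the ownership policy and the Linux /proc lookup are assumptions.

```bash
#!/bin/sh
# Added example (hypothetical helper names): validate a PID file before a
# privileged init script sends a signal to the process it names.

# pidfile_trusted FILE
# FILE must be a regular file (no symlink); FILE and its directory must be
# owned by the user running the script (root for init.d) and must not be
# group- or world-writable.
pidfile_trusted() {
    local f=$1 p mode
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    for p in "$(dirname "$f")" "$f"; do
        [ "$(stat -c %u "$p")" = "$(id -u)" ] || return 1
        mode=$(stat -c %a "$p") || return 1
        [ $(( 0$mode & 022 )) -eq 0 ] || return 1
    done
}

# read_pid FILE
# Prints the PID only if the first line is purely numeric and greater than 1.
read_pid() {
    local pid
    IFS= read -r pid < "$1" || [ -n "$pid" ] || return 1
    case $pid in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#pid}" -le 10 ] && [ "$pid" -gt 1 ] || return 1
    printf '%s\n' "$pid"
}

# pid_runs_as_uid PID WANT_UID
# Succeeds only if PID is alive and owned by WANT_UID (Linux /proc assumed).
pid_runs_as_uid() {
    [ -d "/proc/$1" ] || return 1
    [ "$(stat -c %u "/proc/$1")" = "$2" ]
}

# safe_target_pid FILE WANT_UID
# Prints the PID only when every check passes; the caller signals nothing
# otherwise. WANT_UID would come from e.g. `id -u <service user>`.
safe_target_pid() {
    local pid
    pidfile_trusted "$1" || return 1
    pid=$(read_pid "$1") || return 1
    pid_runs_as_uid "$pid" "$2" || return 1
    printf '%s\n' "$pid"
}
```

These checks narrow the exposure but do not remove the race between reading the file and sending the signal.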

References

https://security.netapp.com/advisory/ntap-20190517-0004/

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3805

https://access.redhat.com/errata/RHSA-2020:0727

https://access.redhat.com/errata/RHSA-2019:2413

https://access.redhat.com/errata/RHSA-2019:1140

https://access.redhat.com/errata/RHSA-2019:1108

https://access.redhat.com/errata/RHSA-2019:1107

https://access.redhat.com/errata/RHSA-2019:1106

Details

Source: Mitre, NVD

Published: 2019-05-03

Updated: 2020-10-16

Risk Information

CVSS v2

Base Score: 4.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 4.7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium