CVE-2019-3805

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-3805
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3805.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-3805
Related
Published
2019-05-03T20:29:01Z
Modified
2024-09-03T02:52:58.696214Z
Severity
  • 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.

References

Affected packages

Git / github.com/wildfly/wildfly

Affected ranges

Type
GIT
Repo
https://github.com/wildfly/wildfly
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected

Affected versions

7.*

7.0.0.Alpha1
7.0.0.Alpha1-final
7.0.0.Beta1-prerelease
7.0.0.Beta2
7.0.0.Beta2-prerelease
7.0.0.Beta3
7.0.0.CR1
7.0.0.Final-prerelease