CVE-2019-3805

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-3805

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3805.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-3805

Related

Published

2019-05-03T20:29:01Z

Modified

2024-09-03T02:52:58.696214Z

Severity

4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.

References

Affected packages

Git / github.com/wildfly/wildfly

Affected ranges

Type: GIT
Repo: https://github.com/wildfly/wildfly
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

2ccbaba05add7c1cd7bbc461a411e9a8b294244d

Last affected

54c3af2a8dfed3621826094ec07ff861a6425107

Affected versions

7.*

7.0.0.Alpha1

7.0.0.Alpha1-final

7.0.0.Beta1-prerelease

7.0.0.Beta2

7.0.0.Beta2-prerelease

7.0.0.Beta3

7.0.0.CR1

7.0.0.Final-prerelease