CVE-2019-3805
5.5
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | wildfly | affects up to 16.0.0.Final | affected |
Weaknesses
- CWE-364: CWE-364
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3805
- https://access.redhat.com/errata/RHSA-2019:1107
- https://access.redhat.com/errata/RHSA-2019:1108
- https://access.redhat.com/errata/RHSA-2019:1106
- https://access.redhat.com/errata/RHSA-2019:1140
- https://security.netapp.com/advisory/ntap-20190517-0004/
- https://access.redhat.com/errata/RHSA-2019:2413
- https://access.redhat.com/errata/RHSA-2020:0727
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3805
- https://access.redhat.com/errata/RHSA-2019:1107
- https://access.redhat.com/errata/RHSA-2019:1108
- https://access.redhat.com/errata/RHSA-2019:1106
- https://access.redhat.com/errata/RHSA-2019:1140
- https://security.netapp.com/advisory/ntap-20190517-0004/
- https://access.redhat.com/errata/RHSA-2019:2413
- https://access.redhat.com/errata/RHSA-2020:0727
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.