{"containers": {"cna": {"affected": [{"product": "JBoss Enterprise Application Platform", "vendor": "Red Hat", "versions": [{"status": "affected", "version": "7.1.0"}]}], "datePublic": "2018-09-11T00:00:00", "descriptions": [{"lang": "en", "value": "It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-266", "description": "CWE-266", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-09-12T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2017:3456", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3456"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7066"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-7066", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "JBoss Enterprise Application Platform", "version": {"version_data": [{"version_value": "7.1.0"}]}}]}, "vendor_name": "Red Hat"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations."}]}, "impact": {"cvss": [[{"vectorString": "6.1/AV:L/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-266"}]}]}, "references": {"reference_data": [{"name": "RHSA-2017:3456", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3456"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7066", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7066"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:50:47.460Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2017:3456", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:3456"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7066"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-7066", "datePublished": "2018-09-11T14:00:00", "dateReserved": "2016-08-23T00:00:00", "dateUpdated": "2024-08-06T01:50:47.460Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "66987583-94FD-4B9A-9D5F-F1C27C51821E", "versionEndExcluding": "7.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations."}, {"lang": "es", "value": "Se ha detectado que los permisos incorrectos por defecto en el directorio /tmp/auth en JBoss Enterprise Application Platform en versiones anteriores a la 7.1.0 pueden permitir que cualquier usuario local se conecte a la interfaz de l\u00ednea de comandos y ejecute cualquier operaci\u00f3n arbitraria."}], "id": "CVE-2016-7066", "lastModified": "2024-11-21T02:57:23.480", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-11T14:29:00.833", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3456"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7066"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3456"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7066"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-275"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Jeremy Choi (Red Hat).", "affected_release": [{"advisory": "RHSA-2017:3456", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "product_name": "Red Hat JBoss EAP 7", "release_date": "2017-12-13T00:00:00Z"}], "bugzilla": {"description": "admin-cli: Any local users can connect to jboss-cli", "id": "1401661", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401661"}, "csaw": false, "cvss": {"cvss_base_score": "6.1", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C", "status": "verified"}, "cwe": "CWE-266", "details": ["It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations.", "It was found that the improper default permissions on /tmp/auth directory in EAP 7 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations."], "name": "CVE-2016-7066", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Affected", "package_name": "admin-cli", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}], "public_date": "2017-12-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-7066\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7066"], "threat_severity": "Important", "upstream_fix": "eap 7.1.0"}