{"containers": {"cna": {"affected": [{"product": "Red Hat JBoss Enterprise Application Platform", "vendor": "Red Hat, Inc.", "versions": [{"status": "affected", "version": "7.0.7.GA"}]}], "datePublic": "2017-10-09T00:00:00", "descriptions": [{"lang": "en", "value": "It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-282", "description": "CWE-282", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-01-11T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189"}, {"name": "RHSA-2018:0002", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0002"}, {"name": "RHSA-2018:0004", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0004"}, {"name": "RHSA-2018:0003", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0003"}, {"name": "RHSA-2018:0005", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0005"}, {"name": "102407", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102407"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:28:16.689Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189"}, {"name": "RHSA-2018:0002", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0002"}, {"name": "RHSA-2018:0004", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0004"}, {"name": "RHSA-2018:0003", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0003"}, {"name": "RHSA-2018:0005", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0005"}, {"name": "102407", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102407"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-12189", "dateReserved": "2017-08-01T00:00:00", "dateUpdated": "2024-08-05T18:28:16.689Z", "state": "PUBLISHED", "datePublished": "2018-01-10T19:00:00Z"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "88BF3B2C-B121-483A-AEF2-8082F6DA5310", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656."}, {"lang": "es", "value": "Se ha descubierto que el script init jboss, tal y como se usa en Red Hat JBoss Enterprise Application Platform 7.0.7.GA, gestionaba archivos de manera no segura, lo que podr\u00eda resultar en un escalado de privilegios local. Este problema es el resultado de una soluci\u00f3n incompleta para CVE-2016-8656."}], "id": "CVE-2017-12189", "lastModified": "2024-11-21T03:09:01.043", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-01-10T19:29:00.247", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102407"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0002"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0003"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0004"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0005"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102407"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0002"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0003"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0004"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0005"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-282"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2018:0003", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "package": "jbossas", "product_name": "Red Hat JBoss EAP 7", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0002", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0002", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0002", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0002", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0002", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0002", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0002", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0002", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0002", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0002", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0005", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-jboss-ec2-eap-0:7.0.9-2.GA_redhat_2.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0004", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package": "eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0004", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package": "eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0004", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package": "eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0004", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package": "eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0004", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package": "eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0004", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package": "eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0004", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package": "eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0004", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package": "eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0004", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package": "eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0004", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package": "eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0005", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package": "eap7-jboss-ec2-eap-0:7.0.9-2.GA_redhat_2.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date": "2018-01-03T00:00:00Z"}], "bugzilla": {"description": "jboss: unsafe chown of server.log in jboss init script allows privilege escalation (Incomplete fix for CVE-2016-8656)", "id": "1499631", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1499631"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "details": ["It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656.", "It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation."], "name": "CVE-2017-12189", "public_date": "2018-01-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-12189\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12189"], "threat_severity": "Important"}