Veracode Vulnerability DatabaseVERACODE:19917Denial Of Service
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
4.7 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:N/I:N/A:C
wildfly is vulnerable to denial of service attacks. Locally authenticated attacker could modify the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.
References
access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/
access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/
access.redhat.com/errata/RHSA-2019:1106
access.redhat.com/errata/RHSA-2019:1107
access.redhat.com/errata/RHSA-2019:1108
access.redhat.com/errata/RHSA-2019:1140
access.redhat.com/errata/RHSA-2019:2413
access.redhat.com/errata/RHSA-2020:0727
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3805
issues.jboss.org/browse/JBEAP-14861
issues.jboss.org/browse/JBEAP-15392
issues.jboss.org/browse/JBEAP-15477
issues.jboss.org/browse/JBEAP-15478
issues.jboss.org/browse/JBEAP-15568
issues.jboss.org/browse/JBEAP-15617
issues.jboss.org/browse/JBEAP-15622
issues.jboss.org/browse/JBEAP-15748
issues.jboss.org/browse/JBEAP-15805
issues.jboss.org/browse/JBEAP-15851
issues.jboss.org/browse/JBEAP-15869
issues.jboss.org/browse/JBEAP-15876
issues.jboss.org/browse/JBEAP-16025
issues.jboss.org/browse/JBEAP-16037
issues.jboss.org/browse/JBEAP-16086
issues.jboss.org/browse/JBEAP-16090
issues.jboss.org/browse/JBEAP-16091
issues.jboss.org/browse/JBEAP-16112
issues.jboss.org/browse/JBEAP-16122
issues.jboss.org/browse/JBEAP-16123
issues.jboss.org/browse/JBEAP-16124
issues.jboss.org/browse/JBEAP-16125
issues.jboss.org/browse/JBEAP-16137
issues.jboss.org/browse/JBEAP-16146
issues.jboss.org/browse/JBEAP-16147
issues.jboss.org/browse/JBEAP-16233
issues.jboss.org/browse/JBEAP-16259
issues.jboss.org/browse/JBEAP-16276
issues.jboss.org/browse/JBEAP-16321
issues.jboss.org/browse/JBEAP-16347
issues.jboss.org/browse/JBEAP-16356
issues.jboss.org/browse/JBEAP-16367
issues.jboss.org/browse/JBEAP-16368
issues.jboss.org/browse/JBEAP-16369
issues.jboss.org/browse/JBEAP-16381
issues.jboss.org/browse/JBEAP-16418
issues.jboss.org/browse/JBEAP-9657
security.netapp.com/advisory/ntap-20190517-0004/
Related
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
4.7 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:N/I:N/A:C