CVE-2019-3805

A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.7 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
redhatCNA
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
VendorProductVersion
redhatjboss_enterprise_application_platform
6.0.0
redhatjboss_enterprise_application_platform
7.0.0
redhatwildfly
𝑥
≤ 16.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2019:1106
https://access.redhat.com/errata/RHSA-2019:1107
https://access.redhat.com/errata/RHSA-2019:1108
https://access.redhat.com/errata/RHSA-2019:1140
https://access.redhat.com/errata/RHSA-2019:2413
https://access.redhat.com/errata/RHSA-2020:0727
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3805
https://security.netapp.com/advisory/ntap-20190517-0004/
https://access.redhat.com/errata/RHSA-2019:1106
https://access.redhat.com/errata/RHSA-2019:1107
https://access.redhat.com/errata/RHSA-2019:1108
https://access.redhat.com/errata/RHSA-2019:1140
https://access.redhat.com/errata/RHSA-2019:2413
https://access.redhat.com/errata/RHSA-2020:0727
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3805
https://security.netapp.com/advisory/ntap-20190517-0004/