Jboss EAP Permission Issues Vulnerability (CVE-2016-7066)

Description

It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations.

Remediation

References

CVE-2016-7066

Related Vulnerabilities

Dotclear Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-5083)

Microsoft SQL Server Other Vulnerability (CVE-2001-0542)

Envoy Proxy Integer Overflow or Wraparound Vulnerability (CVE-2021-28682)

OpenSSL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-0737)

Oracle Database Server CVE-2012-0527 Vulnerability (CVE-2012-0527)

Severity

High

Classification

CVE-2016-7066 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H