NVD Vulnerability Detail

CVE-2017-12189

Summary	It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656.
Publication Date	Jan. 11, 2018, 4:29 a.m.
Registration Date	Jan. 26, 2021, 1:13 p.m.
Last Update	Nov. 21, 2024, 12:09 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://www.securityfocus.com/bid/102407	Third Party Advisory VDB Entry
2	http://www.securityfocus.com/bid/102407	Third Party Advisory VDB Entry
3	https://access.redhat.com/errata/RHSA-2018:0002	Patch Vendor Advisory
4	https://access.redhat.com/errata/RHSA-2018:0002	Patch Vendor Advisory
5	https://access.redhat.com/errata/RHSA-2018:0003	Patch Vendor Advisory
6	https://access.redhat.com/errata/RHSA-2018:0003	Patch Vendor Advisory
7	https://access.redhat.com/errata/RHSA-2018:0004	Patch Vendor Advisory
8	https://access.redhat.com/errata/RHSA-2018:0004	Patch Vendor Advisory
9	https://access.redhat.com/errata/RHSA-2018:0005	Patch Vendor Advisory
10	https://access.redhat.com/errata/RHSA-2018:0005	Patch Vendor Advisory
11	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189	Issue Tracking Third Party Advisory
12	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189	Issue Tracking Third Party Advisory

Common Vulnerabilities List

JVN Vulnerability Information

Red Hat JBoss Enterprise Application Platform における認可・権限・アクセス制御に関する脆弱性

Title	Red Hat JBoss Enterprise Application Platform における認可・権限・アクセス制御に関する脆弱性
Summary	Red Hat JBoss Enterprise Application Platform には、認可・権限・アクセス制御に関する脆弱性が存在します。本脆弱性は、CVE-2016-8656 に対する修正が不十分だったことによる脆弱性です。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Oct. 9, 2017, midnight
Registration Date	Feb. 22, 2018, 5:08 p.m.
Last Update	Feb. 22, 2018, 5:08 p.m.

Affected System

レッドハット

JBoss Enterprise Application Platform

Red Hat Enterprise Linux

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-12189	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12189
National Vulnerability Database (NVD)
2	CVE-2017-12189	https://nvd.nist.gov/vuln/detail/CVE-2017-12189

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
Red Hat Bugzilla
1	Bug 1499631	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189
Red Hat Security Advisory
2	RHSA-2018:0002	https://access.redhat.com/errata/RHSA-2018:0002
3	RHSA-2018:0003	https://access.redhat.com/errata/RHSA-2018:0003
4	RHSA-2018:0004	https://access.redhat.com/errata/RHSA-2018:0004
5	RHSA-2018:0005	https://access.redhat.com/errata/RHSA-2018:0005

Change Log

No	Changed Details	Date of change
1	[2018年02月22日] 掲載	Feb. 22, 2018, 5:08 p.m.