CVE-2017-12167: Infoleak
First published: Thu Sep 14 2017(Updated: )
It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Jboss Enterprise Application Platform | <7.0.9 | |
| Redhat Jboss Enterprise Application Platform | =7.1.0 | |
| Redhat Enterprise Linux | =6.0 | |
| Redhat Enterprise Linux | =7.0 | |
| Redhat Jboss Enterprise Application Platform | =7.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/100903
- https://access.redhat.com/errata/RHSA-2017:3454
- https://access.redhat.com/errata/RHSA-2017:3455
- https://access.redhat.com/errata/RHSA-2017:3456
- https://access.redhat.com/errata/RHSA-2017:3458
- https://access.redhat.com/errata/RHSA-2018:0002
- https://access.redhat.com/errata/RHSA-2018:0003
- https://access.redhat.com/errata/RHSA-2018:0004
- https://access.redhat.com/errata/RHSA-2018:0005
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167
- https://bugzilla.redhat.com/show_bug.cgi?id=1491612
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-12167
- collector/nvd-index
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- vendor/redhat
- canonical/redhat jboss enterprise application platform
- version/redhat jboss enterprise application platform/7.1.0
- canonical/redhat enterprise linux
- version/redhat enterprise linux/6.0
- version/redhat enterprise linux/7.0
- version/redhat jboss enterprise application platform/7.0.0