CVE-2016-8627 in JBoss Enterprise Application Platform

Information

Summary

According to MITRE

admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired.


Responsible

Red Hat, Inc.

Reserved

12/10/2016

Disclosure

11/05/2018

Moderation

Approved

Entry

VDB-95800

EPSS

0.00801

KEV

No

Activities

Very low

Sector

Energy, Pharma, ...

Sources
