Vulnerability Description
It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows an authenticated user to read arbitrary files via path traversal.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | JBoss Enterprise Application Platform | 6.0.0 |
| Red Hat | Enterprise Linux | 6.0 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2017-1409.html (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2017-1551.html (Vendor Advisory)
- http://www.securityfocus.com/bid/98967 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1038757 (Third Party Advisory, VDB Entry)
- https://access.redhat.com/errata/RHSA-2017:1410 (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2017:1411 (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2017:1412 (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2017:1548 (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2017:1549 (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2017:1550 (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2017:1552 (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2017:3454 (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2017:3455 (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2017:3456 (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2017:3458 (Vendor Advisory)
FAQ
What is CVE-2017-2595?
CVE-2017-2595 is a vulnerability with a CVSS score of 7.7 (HIGH). It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows an authenticated user to read arbitrary files via path traversal.
How severe is CVE-2017-2595?
CVE-2017-2595 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-2595?
Check the references section above for vendor advisories and patch information. Affected products include: Red Hat JBoss Enterprise Application Platform, Red Hat Enterprise Linux.