CVE-2019-3805 — MEDIUM (4.7)

Q: How severe is CVE-2019-3805?

CVE-2019-3805 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-3805?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Enterprise Application Platform, Redhat Wildfly.

Vulnerability Description

A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.

CVSS Score

4.7

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Redhat	Jboss Enterprise Application Platform	6.0.0
Redhat	Wildfly	<= 16.0.0

Related Weaknesses (CWE)

CWE-364 CWE-269

References

https://access.redhat.com/errata/RHSA-2019:1106Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:1107Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:1108Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:1140Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:2413Vendor Advisory
https://access.redhat.com/errata/RHSA-2020:0727Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3805Issue TrackingVendor Advisory
https://security.netapp.com/advisory/ntap-20190517-0004/Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1106Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:1107Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:1108Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:1140Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:2413Vendor Advisory
https://access.redhat.com/errata/RHSA-2020:0727Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3805Issue TrackingVendor Advisory

FAQ

What is CVE-2019-3805?

CVE-2019-3805 is a vulnerability with a CVSS score of 4.7 (MEDIUM). A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploi...

How severe is CVE-2019-3805?

CVE-2019-3805 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-3805?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Enterprise Application Platform, Redhat Wildfly.