CVE-2019-3805
PUBLISHED
CVSS 5.5 MEDIUM
Reported by redhat · Published May 3, 2019
A flaw was discovered in WildFly versions up to 16.0.0.Final that would allow local users who are able to execute the init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/, allowing the init.d script to terminate any process as root.
Risk Scores
CVSS 3.0
5.5
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | wildfly | affects up to 16.0.0.Final |
Timeline
- Dec 18, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- x_refsource_CONFIRM
- RHSA-2019:1107 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2019:1108 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2019:1106 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2019:1140 (vendor-advisory, x_refsource_REDHAT)
- x_refsource_CONFIRM
- RHSA-2019:2413 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2020:0727 (vendor-advisory, x_refsource_REDHAT)