Lucene search

[email protected]CVE-2016-8627

HistoryMay 11, 2018 - 1:29 p.m.

CVE-2016-8627

2018-05-1113:29:00

CWE-400

[email protected]

web.nvd.nist.gov

admin-cli

eap

log files

vulnerability

cross-origin attacks

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.0%

JSON

admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user’s browser to request the log files consuming enough resources that normal server functioning could be impaired.

Affected configurations

Vulners

NVD

Node

redhatceph-iscsi-cliRange≤3.0.0

redhatceph-iscsi-cliRange≤2.2.1

CPENameOperatorVersion
redhat:jboss_enterprise_application_platformredhat jboss enterprise application platformeq6.4.0
redhat:jboss_enterprise_application_platformredhat jboss enterprise application platformeq7.0.0
redhat:jboss_enterprise_application_platformredhat jboss enterprise application platformeq7.1.0

CPE	Name	Operator	Version
redhat:jboss_enterprise_application_platform	redhat jboss enterprise application platform	eq	6.4.0
redhat:jboss_enterprise_application_platform	redhat jboss enterprise application platform	eq	7.0.0
redhat:jboss_enterprise_application_platform	redhat jboss enterprise application platform	eq	7.1.0

CNA Affected

[
  {
    "product": "admin-cli",
    "vendor": "[UNKNOWN]",
    "versions": [
      {
        "status": "affected",
        "version": "admin-cli 3.0.0.Alpha25"
      },
      {
        "status": "affected",
        "version": "admin-cli 2.2.1.CR2"
      }
    ]
  }
]

References

rhn.redhat.com/errata/RHSA-2017-0170.html

rhn.redhat.com/errata/RHSA-2017-0171.html

rhn.redhat.com/errata/RHSA-2017-0172.html

rhn.redhat.com/errata/RHSA-2017-0173.html

rhn.redhat.com/errata/RHSA-2017-0244.html

rhn.redhat.com/errata/RHSA-2017-0245.html

rhn.redhat.com/errata/RHSA-2017-0246.html

rhn.redhat.com/errata/RHSA-2017-0247.html

rhn.redhat.com/errata/RHSA-2017-0250.html

www.securityfocus.com/bid/95698

www.securitytracker.com/id/1037660

access.redhat.com/errata/RHSA-2017:3454

access.redhat.com/errata/RHSA-2017:3455

access.redhat.com/errata/RHSA-2017:3456

access.redhat.com/errata/RHSA-2017:3458

bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8627

Social References

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.0%

JSON

Related for CVE-2016-8627

redhatcve1 prion1 osv1 cvelist1 nvd1 veracode1 redhat13 nessus10