admin-cli in Red Hat JBoss Enterprise Application Platform is vulnerable to information disclosure. This vulnerability exists due to EAP feature to download server log files that allows logs to be available via GET requests causing cross-origin attacks. An attacker could trigger the user’s browser to request the log files consuming enough resources that normal server functioning could be impaired.
rhn.redhat.com/errata/RHSA-2017-0170.html
rhn.redhat.com/errata/RHSA-2017-0171.html
rhn.redhat.com/errata/RHSA-2017-0172.html
rhn.redhat.com/errata/RHSA-2017-0173.html
rhn.redhat.com/errata/RHSA-2017-0244.html
rhn.redhat.com/errata/RHSA-2017-0245.html
rhn.redhat.com/errata/RHSA-2017-0246.html
rhn.redhat.com/errata/RHSA-2017-0247.html
rhn.redhat.com/errata/RHSA-2017-0250.html
www.securityfocus.com/bid/95698
www.securitytracker.com/id/1037660
access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/
access.redhat.com/errata/RHSA-2017:0170
access.redhat.com/errata/RHSA-2017:3454
access.redhat.com/errata/RHSA-2017:3455
access.redhat.com/errata/RHSA-2017:3456
access.redhat.com/errata/RHSA-2017:3458
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8627
issues.jboss.org/browse/JBEAP-5960