Jboss EAP Permissions Privileges and Access Controls Vulnerability - CVE-2016-8657
Reference:
CVE-2016-8657
Title:
Jboss EAP Permissions Privileges and Access Controls Vulnerability
Overview:
It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root:jboss 664). On systems using classic /etc/init.d init scripts (i.e. on Red Hat Enterprise Linux 6 and earlier) the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started stopped or restarted.