CVE-2016-8627

moderate-risk

Published 2018-05-11

admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired.

Do I need to act?

0.80% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.3/10 Medium

NETWORK / LOW complexity

Affected Products (4)

Jboss Enterprise Application Platform

Keycloak

Affected Vendors

Redhat

References (32)

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2017-0170.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2017-0171.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2017-0172.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2017-0173.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2017-0244.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2017-0245.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2017-0246.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2017-0247.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2017-0250.html

Third Party Advisory http://www.securityfocus.com/bid/95698

Third Party Advisory http://www.securitytracker.com/id/1037660

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3454

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3455

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3456

Third Party Advisory https://access.redhat.com/errata/RHSA-2017:3458

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8627

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2017-0170.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2017-0171.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2017-0172.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2017-0173.html

and 12 more references

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 3/34 · Minimal

Exposure 10/34 · Low