Improper Default Permissions in JBoss EAP 7.1.0 Allow Unauthorized CLI Access

Improper Default Permissions in JBoss EAP 7.1.0 Allow Unauthorized CLI Access

CVE-2016-7066 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations.

Learn more about our User Device Pen Test.