CERT-In Vulnerability Note
Directory Traversal Vulnerability in Red Hat JBoss
Original Issue Date: December 14, 2016
Severity Rating: MEDIUM
- Red Hat JBoss Business Process Management (BPM) Suite 6.3.3
- Red Hat JBoss Business Rules Management System (BRMS) 6.3
A vulnerability has been reported in Red Hat JBoss which could be exploited by a remote attacker to disclose information on a targeted system.
The vulnerability exists in the Drools Workbench component of Red Hat JBoss due to improper validation of user-supplied input. A remote attacker could exploit this vulnerability by supplying a specially crafted request to bypass directory restrictions and view arbitrary files on the targeted system.
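An added example, not taken from this advisory or from Red Hat's code: the class of flaw described above (a request value joined to a base directory without validation) shown beside a containment check that rejects it. The class and method names, the temporary directory and the request strings are constructed for illustration; Java 11 or later is assumed.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class SafeResolve {

    // Weak form: joins the request value to the base directory with no check,
    // so parent-directory segments or an absolute path leave the base.
    static Path resolveUnchecked(Path base, String requested) {
        return base.resolve(requested).normalize();
    }

    // Hardened form: normalize, then require the result to stay under the base.
    static Path resolveContained(Path base, String requested) throws IOException {
        Path root = base.toRealPath();                 // canonical base, symlinks resolved
        Path candidate = root.resolve(requested).normalize();
        if (!candidate.startsWith(root)) {
            throw new SecurityException("path escapes base directory");
        }
        // Resolve symlinks on an existing target and check again, so a link
        // inside the base cannot point outside it.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(root)) {
            throw new SecurityException("symlink escapes base directory");
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data: a temporary base directory and request values.
        Path base = Files.createTempDirectory("repo");
        Files.writeString(base.resolve("rules.drl"), "rule \"sample\" end");
        String[] requests = { "rules.drl", "sub/../rules.drl", "../outside.txt", "/etc/hostname" };
        for (String r : requests) {
            try {
                System.out.println("allowed:  " + r + " -> " + resolveContained(base, r));
            } catch (SecurityException e) {
                // Show where the unchecked join would have pointed.
                System.out.println("rejected: " + r + " (" + e.getMessage()
                        + "); unchecked join gives " + resolveUnchecked(base, r));
            }
        }
    }
}
```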
Apply appropriate security fixes as mentioned in the following vendor advisories.
The information provided herein is on an "as is" basis, without warranty of any kind.
Email: email@example.com Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003