CVE-2016-6345
Find out more about CVE-2016-6345 from the MITRE CVE dictionary and NIST NVD.
CVSS v2 metrics
NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.
| Base Score | 2.1 |
|---|---|
| Base Metrics | AV:N/AC:H/Au:S/C:P/I:N/A:N |
| Access Vector | Network |
| Access Complexity | High |
| Authentication | Single |
| Confidentiality Impact | Partial |
| Integrity Impact | None |
| Availability Impact | None |
CVSS v3 metrics
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 3.5 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | Required |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity Impact | None |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Subscription Asset Manager 1 | katello | Will not fix |
| Red Hat Single Sign-On 7 | Core | Not affected |
| Red Hat Satellite 6 | Security | Not affected |
| Red Hat JBoss Portal Platform 6 | Requirements | Not affected |
| Red Hat JBoss Operations Network 3 | REST | Will not fix |
| Red Hat JBoss Fuse Service Works 6 | resteasy | Will not fix |
| Red Hat JBoss Fuse 6 | SwitchYard | Will not fix |
| Red Hat JBoss Enterprise SOA Platform 5 | Security | Will not fix |
| Red Hat JBoss EAP 7 | REST | Will not fix |
| Red Hat JBoss EAP 6 | RESTEasy | Will not fix |
| Red Hat JBoss EAP 5 | jbossas | Will not fix |
| Red Hat JBoss Data Virtualization 6 | resteasy | Will not fix |
| Red Hat JBoss Data Grid 7 | resteasy | Will not fix |
| Red Hat JBoss Data Grid 6 | Build | Not affected |
| Red Hat JBoss BRMS 6 | resteasy | Will not fix |
| Red Hat JBoss BRMS 5 | Security | Will not fix |
| Red Hat JBoss BPMS 6 | resteasy | Will not fix |
| RHEV Manager 3 | vdsm-jsonrpc-java | Will not fix |
Acknowledgements
Red Hat would like to thank Mikhail Egorov (Odin) for reporting this issue.
Mitigation
Don't enable the Async Jobs Service, as detailed in the section "2.10. RESTEASY ASYNCHRONOUS JOB SERVICE" of the JBoss EAP 7 Developing Web Services Applications documentation: https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/7.0/paged/developing-web-services-applications/chapter-2-developing-jax-rs-web-services
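One way to audit deployments against this mitigation, as an added example that is not part of Red Hat's advisory: the script checks `web.xml` deployment descriptors for RESTEasy's `resteasy.async.job.service.enabled` switch. The parameter name comes from the RESTEasy documentation rather than from this page, and the descriptors and archive names are constructed samples.

```python
import xml.etree.ElementTree as ET

# RESTEasy's switch for the Asynchronous Job Service (name from the RESTEasy
# documentation, not from this advisory); the service stays off unless it is true.
ASYNC_PARAM = "resteasy.async.job.service.enabled"

def _local(tag):
    """Strip the XML namespace so namespaced and bare descriptors both match."""
    return tag.rsplit("}", 1)[-1]

def async_job_service_enabled(web_xml_text):
    """Return True if the descriptor turns the Async Job Service on.

    Checks <context-param> and, conservatively, servlet/filter <init-param>.
    Parse only descriptors from your own deployments: ElementTree is not
    hardened against hostile XML.
    """
    root = ET.fromstring(web_xml_text)
    for el in root.iter():
        if _local(el.tag) not in ("context-param", "init-param"):
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in el}
        if fields.get("param-name") == ASYNC_PARAM:
            # Whitespace and letter case are ignored so near-misses are still flagged.
            if fields.get("param-value", "").lower() == "true":
                return True
    return False

def audit(descriptors):
    """Take {deployment name: web.xml text}; return names that violate the mitigation."""
    return sorted(n for n, text in descriptors.items() if async_job_service_enabled(text))

# Constructed sample descriptors (not taken from any real deployment).
SAMPLES = {
    "orders.war": """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
      <context-param>
        <param-name>resteasy.async.job.service.enabled</param-name>
        <param-value>true</param-value>
      </context-param>
    </web-app>""",
    "billing.war": """<web-app>
      <context-param>
        <param-name>resteasy.async.job.service.enabled</param-name>
        <param-value>false</param-value>
      </context-param>
    </web-app>""",
    "catalog.war": "<web-app><display-name>catalog</display-name></web-app>",
}

if __name__ == "__main__":
    for name in audit(SAMPLES):
        print(f"{name}: Async Job Service enabled; remove {ASYNC_PARAM} or set it to false")
```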
