{"id":"CVE-2016-8657","details":"It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root:jboss, 664). On systems using classic /etc/init.d init scripts (i.e. on Red Hat Enterprise Linux 6 and earlier), the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.","modified":"2026-05-04T08:14:30.665925Z","published":"2018-07-31T19:29:00.650Z","withdrawn":"2026-05-04T08:14:30.665925Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/96896"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1609"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2017-0826.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2017-0827.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2017-0828.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2017-0829.html"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8657"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"6.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"5.0.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-8657.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}