It was reported that the jbossas init script performed unsafe file handling, which could result in local privilege escalation.
This issue has been addressed in the following products: Via RHSA-2017:0247 https://rhn.redhat.com/errata/RHSA-2017-0247.html
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Via RHSA-2017:0246 https://rhn.redhat.com/errata/RHSA-2017-0246.html
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Via RHSA-2017:0245 https://rhn.redhat.com/errata/RHSA-2017-0245.html
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Via RHSA-2017:0244 https://rhn.redhat.com/errata/RHSA-2017-0244.html
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Via RHSA-2017:0250 https://rhn.redhat.com/errata/RHSA-2017-0250.html
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Via RHSA-2017:0832 https://rhn.redhat.com/errata/RHSA-2017-0832.html
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Via RHSA-2017:0831 https://rhn.redhat.com/errata/RHSA-2017-0831.html
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Via RHSA-2017:0834 https://rhn.redhat.com/errata/RHSA-2017-0834.html
Statement: It was found that a variant of the Tomcat CVE-2016-1240 exploit is also applicable to Red Hat JBoss Enterprise Application Platform 5, 6, and 7. CVE-2016-8656 addresses these problems with JBoss EAP. The issue is now corrected in the various versions of Red Hat JBoss Enterprise Application Platform including EAP 6.4.13 and EAP 7.0.5. For further information please refer to https://access.redhat.com/articles/3016681
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Via RHSA-2017:3454 https://access.redhat.com/errata/RHSA-2017:3454
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Via RHSA-2017:3455 https://access.redhat.com/errata/RHSA-2017:3455
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Via RHSA-2017:3458 https://access.redhat.com/errata/RHSA-2017:3458
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Via RHSA-2018:1609 https://access.redhat.com/errata/RHSA-2018:1609
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2016-8656