Lucene search

[email protected]CVE-2012-3513

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-3513

2022-10-0316:15:22

CWE-264

[email protected]

web.nvd.nist.gov

cve-2012-3513

munin

cgi

apache

remote attackers

files creation

security vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

85.9%

JSON

munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.

Affected configurations

NVD

Node

munin-monitoringmuninRange≤2.0.5

munin-monitoringmuninMatch2.0-beta1

munin-monitoringmuninMatch2.0-beta2

munin-monitoringmuninMatch2.0-beta3

munin-monitoringmuninMatch2.0-beta4

munin-monitoringmuninMatch2.0-beta5

munin-monitoringmuninMatch2.0-beta6

munin-monitoringmuninMatch2.0-beta7

munin-monitoringmuninMatch2.0-rc1

munin-monitoringmuninMatch2.0-rc2

munin-monitoringmuninMatch2.0-rc3

munin-monitoringmuninMatch2.0-rc4

munin-monitoringmuninMatch2.0-rc5

munin-monitoringmuninMatch2.0-rc6

munin-monitoringmuninMatch2.0-rc7

munin-monitoringmuninMatch2.0.0

munin-monitoringmuninMatch2.0.1

munin-monitoringmuninMatch2.0.2

munin-monitoringmuninMatch2.0.3

munin-monitoringmuninMatch2.0.4

CPENameOperatorVersion
munin-monitoring:muninmunin-monitoring muninle2.0.5
munin-monitoring:muninmunin-monitoring munineq2.0-beta1
munin-monitoring:muninmunin-monitoring munineq2.0-beta2
munin-monitoring:muninmunin-monitoring munineq2.0-beta3
munin-monitoring:muninmunin-monitoring munineq2.0-beta4
munin-monitoring:muninmunin-monitoring munineq2.0-beta5
munin-monitoring:muninmunin-monitoring munineq2.0-beta6
munin-monitoring:muninmunin-monitoring munineq2.0-beta7
munin-monitoring:muninmunin-monitoring munineq2.0-rc1
munin-monitoring:muninmunin-monitoring munineq2.0-rc2

CPE	Name	Operator	Version
munin-monitoring:munin	munin-monitoring munin	le	2.0.5
munin-monitoring:munin	munin-monitoring munin	eq	2.0-beta1
munin-monitoring:munin	munin-monitoring munin	eq	2.0-beta2
munin-monitoring:munin	munin-monitoring munin	eq	2.0-beta3
munin-monitoring:munin	munin-monitoring munin	eq	2.0-beta4
munin-monitoring:munin	munin-monitoring munin	eq	2.0-beta5
munin-monitoring:munin	munin-monitoring munin	eq	2.0-beta6
munin-monitoring:munin	munin-monitoring munin	eq	2.0-beta7
munin-monitoring:munin	munin-monitoring munin	eq	2.0-rc1
munin-monitoring:munin	munin-monitoring munin	eq	2.0-rc2