Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2014-0185
HistoryMay 06, 2014 - 10:44 a.m.

CVE-2014-0185

2014-05-0610:44:02
CWE-269
[email protected]
web.nvd.nist.gov
74
2
cve-2014-0185
php
fpm
fastcgi
unix socket permissions
vulnerability
nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

16.0%

JSON

sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.

Affected configurations

NVD
Node
phpphpRange5.3.05.3.28
OR
phpphpRange5.4.05.4.28
OR
phpphpRange5.5.05.5.12

Social References

More

Related

mageia 1
nessus 17
securityvulns 4
f5 2
nvd 1
cvelist 1
ubuntucve 1
openvas 26
prion 1
threatpost 1
fedora 17
slackware 1
osv 1
debian 1
ubuntu 2
gentoo 1
mageia
mageia
Updated php packages fix CVE-2014-0185
2014-05-15 02:02:58
nessus
nessus
openSUSE Security Update : froxlor (openSUSE-2015-636)
2015-10-06 00:00:00
Fedora 20 : php-5.5.12-1.fc20 (2014-5960)
2014-05-06 00:00:00
Fedora 19 : php-5.5.12-1.fc19 (2014-5984)
2014-05-12 00:00:00
securityvulns
securityvulns
[ MDVSA-2014:087 ] php
2014-05-30 00:00:00
PHP privilege escalation
2014-05-30 00:00:00
APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004
2014-09-21 00:00:00
f5
f5
K15322 : PHP vulnerability CVE-2014-0185
2014-06-05 00:00:00
SOL15322 - PHP vulnerability CVE-2014-0185
2014-06-05 00:00:00
nvd
nvd
CVE-2014-0185
2014-05-06 10:44:02
cvelist
cvelist
CVE-2014-0185
2014-05-06 10:00:00
ubuntucve
ubuntucve
CVE-2014-0185
2014-05-06 00:00:00
openvas
openvas
PHP 'FastCGI Process Manager' Privilege Escalation Vulnerability
2014-05-08 00:00:00
Mageia: Security Advisory (MGASA-2014-0215)
2022-01-28 00:00:00
Fedora Update for php FEDORA-2014-5960
2014-05-12 00:00:00
prion
prion
Code injection
2014-05-06 10:44:00
threatpost
threatpost
PHP Updated to Fix Heartbleed, Other Bugs
2014-05-02 10:48:20
fedora
fedora
[SECURITY] Fedora 20 Update: php-5.5.12-1.fc20
2014-05-06 03:27:27
[SECURITY] Fedora 20 Update: php-5.5.23-1.fc20
2015-03-31 21:37:50
[SECURITY] Fedora 20 Update: php-5.5.20-2.fc20
2014-12-29 10:03:10
slackware
slackware
[slackware-security] php
2014-06-09 21:04:52
osv
osv
php5 - security update
2014-06-01 00:00:00
debian
debian
[SECURITY] [DSA 2943-1] php5 security update
2014-06-01 08:38:03
ubuntu
ubuntu
PHP updates
2014-06-25 00:00:00
PHP vulnerabilities
2014-06-23 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2014-08-29 00:00:00

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

16.0%

JSON
Related for CVE-2014-0185
mageia1nessus17securityvulns4f52nvd1cvelist1ubuntucve1openvas26prion1threatpost1fedora17slackware1osv1debian1ubuntu2gentoo1