Lucene search
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-1707.NASLHistoryMar 11, 2019 - 12:00 a.m.
Debian DLA-1707-1 : symfony security update
2019-03-1100:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
7.7 High
AI Score
Confidence
High
0.878 High
EPSS
Percentile
98.7%
Several security vulnerabilities have been discovered in symfony, a PHP web application framework. Numerous symfony components are affected: Security, bundle readers, session handling, SecurityBundle, HttpFoundation, Form, and Security\Http.
The corresponding upstream advisories contain further details :
[CVE-2017-16652] https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on
-security-handlers
[CVE-2017-16654] https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-o ut-of-paths
[CVE-2018-11385] https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-gua rd-authentication
[CVE-2018-11408] https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on
-security-handlers
[CVE-2018-14773] https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and- risky-http-headers
[CVE-2018-19789] https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-f ull-path
[CVE-2018-19790] https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-wh en-using-security-http
For Debian 8 ‘Jessie’, these problems have been fixed in version 2.3.21+dfsg-4+deb8u4.
We recommend that you upgrade your symfony packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-1707-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(122721);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/14");
script_cve_id(
"CVE-2017-16652",
"CVE-2017-16654",
"CVE-2018-11385",
"CVE-2018-11408",
"CVE-2018-14773",
"CVE-2018-19789",
"CVE-2018-19790"
);
script_name(english:"Debian DLA-1707-1 : symfony security update");
script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing a security update.");
script_set_attribute(attribute:"description", value:
"Several security vulnerabilities have been discovered in symfony, a
PHP web application framework. Numerous symfony components are
affected: Security, bundle readers, session handling, SecurityBundle,
HttpFoundation, Form, and Security\Http.
The corresponding upstream advisories contain further details :
[CVE-2017-16652]
https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on
-security-handlers
[CVE-2017-16654]
https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-o
ut-of-paths
[CVE-2018-11385]
https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-gua
rd-authentication
[CVE-2018-11408]
https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on
-security-handlers
[CVE-2018-14773]
https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-
risky-http-headers
[CVE-2018-19789]
https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-f
ull-path
[CVE-2018-19790]
https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-wh
en-using-security-http
For Debian 8 'Jessie', these problems have been fixed in version
2.3.21+dfsg-4+deb8u4.
We recommend that you upgrade your symfony packages.
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html");
script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/jessie/symfony");
# https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0f99409b");
# https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c7dce206");
# https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5a195ddf");
# https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?39450434");
# https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?391e80f4");
# https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?df081f61");
# https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8a01aecd");
script_set_attribute(attribute:"solution", value:
"Upgrade the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-11385");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/13");
script_set_attribute(attribute:"patch_publication_date", value:"2019/03/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-browser-kit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-class-loader");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-classloader");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-config");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-console");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-css-selector");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-dependency-injection");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-doctrine-bridge");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-dom-crawler");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-event-dispatcher");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-eventdispatcher");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-filesystem");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-finder");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-form");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-framework-bundle");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-http-foundation");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-http-kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-intl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-locale");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-monolog-bridge");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-options-resolver");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-process");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-propel1-bridge");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-property-access");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-proxy-manager-bridge");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-routing");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-security");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-security-bundle");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-serializer");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-stopwatch");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-swiftmailer-bridge");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-templating");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-translation");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-twig-bridge");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-twig-bundle");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-validator");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-web-profiler-bundle");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-yaml");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Debian Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"8.0", prefix:"php-symfony-browser-kit", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-class-loader", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-classloader", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-config", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-console", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-css-selector", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-debug", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-dependency-injection", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-doctrine-bridge", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-dom-crawler", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-event-dispatcher", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-eventdispatcher", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-filesystem", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-finder", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-form", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-framework-bundle", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-http-foundation", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-http-kernel", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-intl", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-locale", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-monolog-bridge", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-options-resolver", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-process", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-propel1-bridge", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-property-access", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-proxy-manager-bridge", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-routing", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-security", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-security-bundle", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-serializer", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-stopwatch", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-swiftmailer-bridge", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-templating", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-translation", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-twig-bridge", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-twig-bundle", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-validator", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-web-profiler-bundle", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"php-symfony-yaml", reference:"2.3.21+dfsg-4+deb8u4")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | php-symfony-event-dispatcher | p-cpe:/a:debian:debian_linux:php-symfony-event-dispatcher |
| debian | debian_linux | php-symfony-framework-bundle | p-cpe:/a:debian:debian_linux:php-symfony-framework-bundle |
| debian | debian_linux | php-symfony-doctrine-bridge | p-cpe:/a:debian:debian_linux:php-symfony-doctrine-bridge |
| debian | debian_linux | php-symfony-swiftmailer-bridge | p-cpe:/a:debian:debian_linux:php-symfony-swiftmailer-bridge |
| debian | debian_linux | php-symfony-intl | p-cpe:/a:debian:debian_linux:php-symfony-intl |
| debian | debian_linux | php-symfony-dom-crawler | p-cpe:/a:debian:debian_linux:php-symfony-dom-crawler |
| debian | debian_linux | php-symfony-browser-kit | p-cpe:/a:debian:debian_linux:php-symfony-browser-kit |
| debian | debian_linux | php-symfony-eventdispatcher | p-cpe:/a:debian:debian_linux:php-symfony-eventdispatcher |
| debian | debian_linux | php-symfony-filesystem | p-cpe:/a:debian:debian_linux:php-symfony-filesystem |
| debian | debian_linux | php-symfony-routing | p-cpe:/a:debian:debian_linux:php-symfony-routing |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11408
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
www.nessus.org/u?0f99409b
www.nessus.org/u?391e80f4
www.nessus.org/u?39450434
www.nessus.org/u?5a195ddf
www.nessus.org/u?8a01aecd
www.nessus.org/u?c7dce206
www.nessus.org/u?df081f61
lists.debian.org/debian-lts-announce/2019/03/msg00009.html
packages.debian.org/source/jessie/symfony
Related
debian
debian
[SECURITY] [DLA 1707-1] symfony security update
2019-03-10 01:19:23
[SECURITY] [DSA 4441-1] symfony security update
2019-05-10 06:26:19
[SECURITY] [DSA 4441-1] symfony security update
2019-05-10 06:26:19
osv
osv
symfony - security update
2019-03-09 00:00:00
Symfony Open Redirect
2022-05-14 01:21:15
CVE-2018-11408
2018-06-13 16:29:01
openvas
openvas
Debian: Security Advisory (DLA-1707-1)
2019-03-10 00:00:00
Fedora Update for php-symfony FEDORA-2018-8c06b6defd
2018-12-18 00:00:00
Fedora Update for php-symfony3 FEDORA-2018-66547a8c14
2018-12-18 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: php-symfony3-3.4.20-1.fc28
2018-12-17 02:28:10
[SECURITY] Fedora 28 Update: php-symfony4-4.0.15-1.fc28
2018-12-17 02:28:12
[SECURITY] Fedora 28 Update: php-symfony-2.8.49-1.fc28
2018-12-17 02:28:11
nessus
nessus
Fedora 28 : php-symfony3 (2018-66547a8c14)
2019-01-03 00:00:00
Fedora 29 : php-symfony4 (2018-84a1f77d89)
2019-01-03 00:00:00
Fedora 28 : php-symfony4 (2018-6edf04d9d6)
2019-01-03 00:00:00
debiancve
debiancve
nvd
nvd
cvelist
cvelist
cve
cve
prion
prion
Open redirect
2018-06-13 16:29:00
Directory traversal
2018-08-06 21:29:00
Session fixation
2018-06-13 16:29:00
symfony
symfony
CVE-2018-11408: Open redirect vulnerability on security handlers
2018-05-25 00:00:00
CVE-2017-16654: Intl bundle readers breaking out of paths
2017-11-17 00:00:00
CVE-2018-19789: Disclosure of uploaded files full path
2018-12-06 00:00:00
veracode
veracode
Open Redirect
2018-06-14 03:06:14
Directory Traversal
2017-11-21 06:26:16
Open Redirect
2017-11-21 08:10:34
ubuntucve
ubuntucve
github
github
Symfony Open Redirect
2022-05-14 01:21:15
Symfony Directory Traversal
2022-05-14 01:21:16
Symfony Session Fixation Vulnerability
2022-05-14 01:22:27
friendsofphp
friendsofphp
CVE-2017-16654: Intl bundle readers breaking out of paths
2017-11-16 15:15:44
CVE-2017-16654: Intl bundle readers breaking out of paths
2017-11-16 15:15:44
CVE-2018-11385: Session Fixation Issue for Guard Authentication
2018-05-25 11:46:22
redhatcve
redhatcve
CVE-2017-16654
2022-05-20 23:43:31
drupal
drupal
Drupal Core - 3rd-party libraries -SA-CORE-2018-005
2018-08-01 00:00:00
Drupal Core - 3rd-party libraries -SA-CORE-2018-005
2018-08-01 00:00:00
ibm
ibm
thn
thn
Symfony Flaw Leaves Drupal Sites Vulnerable to Hackers—Patch Now
2018-08-03 11:13:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
7.7 High
AI Score
Confidence
High
0.878 High
EPSS
Percentile
98.7%
Related for DEBIAN_DLA-1707.NASL