Lucene search

[email protected]NVD:CVE-2011-2765

HistoryAug 20, 2018 - 1:29 p.m.

CVE-2011-2765

2018-08-2013:29:00

CWE-59

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

59.0%

JSON

pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.

Affected configurations

Nvd

Node

pyro_projectpyroRange<3.15

VendorProductVersionCPE
pyro_projectpyro*cpe:2.3:a:pyro_project:pyro:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pyro_project	pyro	*	cpe:2.3:a:pyro_project:pyro::::::::

References

bugs.debian.org/631912

github.com/irmen/Pyro3/commit/554e095a62c4412c91f981e72fd34a936ac2bf1e

pythonhosted.org/Pyro/12-changes.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

59.0%

JSON

Related for NVD:CVE-2011-2765

ubuntucve1 prion1 osv2 cve1 debiancve1 github1 cvelist1 veracode1