Lucene search

[email protected]NVD:CVE-2012-5303

HistoryOct 05, 2012 - 9:55 p.m.

CVE-2012-5303

2012-10-0521:55:01

CWE-59

[email protected]

web.nvd.nist.gov

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

High

EPSS

Percentile

5.1%

JSON

Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname.

Affected configurations

Nvd

Node

monkey-projectmonkeyMatch0.9.3

VendorProductVersionCPE
monkey-projectmonkey0.9.3cpe:2.3:a:monkey-project:monkey:0.9.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
monkey-project	monkey	0.9.3	cpe:2.3:a:monkey-project:monkey:0.9.3:::::::*

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=672425

bugs.debian.org/cgi-bin/bugreport.cgi?bug=688879

www.securityfocus.com/bid/55905

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2012-5303

prion1 cve1 cvelist1 ubuntucve1