CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
5.1%
Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi
module before 0.46-1 for Nginx allows local users to read arbitrary files
via unspecified vectors.
Author | Note |
---|---|
tyhicks | Per Debian, naxsi package was introduced in 1.1.18-1 |
mdeslaur | precise and earlier don’t ship naxsi-ui in any binary package, which is the vulnerable part. |