Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2011:0394
HistoryApr 20, 2011 - 4:13 p.m.

luci, ricci security update

2011-04-2016:13:40
CentOS Project
lists.centos.org
51

6.6 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.6%

JSON

CentOS Errata and Security Advisory CESA-2011:0394

The conga packages provide a web-based administration tool for remote
cluster and storage management.

A privilege escalation flaw was found in luci, the Conga web-based
administration application. A remote attacker could possibly use this flaw
to obtain administrative access, allowing them to read, create, or modify
the content of the luci application. (CVE-2011-0720)

Users of Conga are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing the
updated packages, luci must be restarted (“service luci restart”) for the
update to take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2011-April/079581.html
https://lists.centos.org/pipermail/centos-announce/2011-April/079583.html

Affected packages:
luci
ricci

Upstream details at:
https://access.redhat.com/errata/RHSA-2011:0394

Related

openvas 7
redhat 2
nessus 7
github 2
cve 2
cvelist 2
nvd 2
osv 2
freebsd 1
prion 2
oraclelinux 1
openvas
openvas
CentOS Update for luci CESA-2011:0394 centos5 x86_64
2012-07-30 00:00:00
CentOS Update for luci CESA-2011:0394 centos5 i386
2011-08-09 00:00:00
CentOS Update for luci CESA-2011:0394 centos5 x86_64
2012-07-30 00:00:00
redhat
redhat
(RHSA-2011:0394) Important: conga security update
2011-03-28 00:00:00
(RHSA-2011:0393) Important: conga security update
2011-03-28 00:00:00
nessus
nessus
CentOS 5 : conga (CESA-2011:0394)
2011-04-21 00:00:00
FreeBSD : plone -- Remote Security Bypass (7c492ea2-3566-11e0-8e81-0022190034c0)
2011-09-06 00:00:00
Scientific Linux Security Update : conga on SL4.x i386/x86_64
2012-08-01 00:00:00
github
github
Plone Privilege Escalation Vulnerability
2022-05-17 02:01:56
High severity vulnerability that affects Plone and Zope2
2018-07-23 19:52:02
cve
cve
CVE-2011-0720
2011-02-03 17:00:03
CVE-2011-2528
2011-07-19 20:55:01
cvelist
cvelist
CVE-2011-0720
2011-02-03 16:00:00
CVE-2011-2528
2011-07-19 20:00:00
nvd
nvd
CVE-2011-0720
2011-02-03 17:00:03
CVE-2011-2528
2011-07-19 20:55:01
osv
osv
PYSEC-2011-13
2011-02-03 17:00:00
High severity vulnerability that affects Plone and Zope2
2018-07-23 19:52:02
freebsd
freebsd
plone -- Remote Security Bypass
2011-02-02 00:00:00
prion
prion
Sql injection
2011-02-03 17:00:00
Spoofing
2011-07-19 20:55:00
oraclelinux
oraclelinux
conga security update
2011-03-28 00:00:00

6.6 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.6%

JSON
Related for CESA-2011:0394
openvas7redhat2nessus7github2cve2cvelist2nvd2osv2freebsd1prion2oraclelinux1