Lucene search

K
cve[email protected]CVE-2003-1308
HistoryOct 03, 2022 - 4:15 p.m.

CVE-2003-1308

2022-10-0316:15:42
web.nvd.nist.gov
27
crlf injection
vulnerability
fvwm
command execution
filename
local users

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.9%

CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename.

Affected configurations

NVD
Node
fvwmfvwmRange2.4.17
OR
fvwmfvwmRange2.5.8
CPENameOperatorVersion
fvwm:fvwmfvwmle2.4.17
fvwm:fvwmfvwmle2.5.8

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.9%