Lucene search

[email protected]CVE-2004-2473

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2473

2004-12-3105:00:00

CWE-59

[email protected]

web.nvd.nist.gov

cve-2004-2473

wmfrog

weather monitor

file overwrite

symlink attack

7.1 High

AI Score

Confidence

Low

1.2 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

wmFrog weather monitor 0.1.6 and other versions before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

CPENameOperatorVersion
wmfrog:wmfrogwmfrogeq0.1.6

CPE	Name	Operator	Version
wmfrog:wmfrog	wmfrog	eq	0.1.6

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=294352

secunia.com/advisories/13259

secunia.com/advisories/25686

sourceforge.net/project/shownotes.php?release_id=516070&group_id=67429

wmfrog.svn.sourceforge.net/svnroot/wmfrog/wmfrog/CHANGES

www.osvdb.org/12118

www.securityfocus.com/bid/11743

www.securityfocus.com/bid/24504

www.vupen.com/english/advisories/2007/2238

exchange.xforce.ibmcloud.com/vulnerabilities/18232

exchange.xforce.ibmcloud.com/vulnerabilities/34924

7.1 High

AI Score

Confidence

Low

1.2 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON