Lucene search

[email protected]CVE-2009-1462

HistoryApr 28, 2009 - 4:30 p.m.

CVE-2009-1462

2009-04-2816:30:03

CWE-264

[email protected]

web.nvd.nist.gov

cve-2009-1462

razorcms

security manager

permission verification

local users

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.2%

JSON

The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.

Affected configurations

NVD

Node

razorcmsrazorcmsRange≤0.3

razorcmsrazorcmsMatch0.2

razorcmsrazorcmsMatch0.3rc2

CPENameOperatorVersion
razorcms:razorcmsrazorcmsle0.3
razorcms:razorcmsrazorcmseq0.2

CPE	Name	Operator	Version
razorcms:razorcms	razorcms	le	0.3
razorcms:razorcms	razorcms	eq	0.2

References

marc.info/?l=full-disclosure&m=123990481506680&w=2

marc.info/?l=full-disclosure&m=123998062108561&w=2

razorcms.co.uk/support/viewtopic.php?f=13&t=325

www.securityfocus.com/bid/34566

exchange.xforce.ibmcloud.com/vulnerabilities/50358

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.2%

JSON

Related for CVE-2009-1462

prion1 cvelist1 nvd1