Lucene search

[email protected]CVE-2010-2445

HistoryJul 08, 2010 - 12:54 p.m.

CVE-2010-2445

2010-07-0812:54:00

CWE-78

[email protected]

web.nvd.nist.gov

140

cve-2010-2445

freeciv

vulnerability

lua

file read

command execution

security vulnerability

6.9 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

73.8%

JSON

freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions.

CPENameOperatorVersion
freeciv:freecivfreeciveq2.2.0
freeciv:freecivfreeciveq2.3.0

CPE	Name	Operator	Version
freeciv:freeciv	freeciv	eq	2.2.0
freeciv:freeciv	freeciv	eq	2.3.0

References

gna.org/bugs/?15624

packetstormsecurity.com/files/163311/Android-2.0-FreeCIV-Arbitrary-Code-Execution.html

www.mandriva.com/security/advisories?name=MDVSA-2010:205

www.openwall.com/lists/oss-security/2010/06/09/4

www.openwall.com/lists/oss-security/2010/06/24/5

www.osvdb.org/65192

6.9 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

73.8%

JSON

Related for CVE-2010-2445

securityvulns2 openvas9 prion1 nessus5 fedora3 gentoo1 debiancve1 packetstorm1 ubuntucve1