Lucene search

[email protected]CVE-2011-2765

HistoryAug 20, 2018 - 1:29 p.m.

CVE-2011-2765

2018-08-2013:29:00

CWE-59

[email protected]

web.nvd.nist.gov

pyro

cve-2011-2765

file overwrite

symlink

security vulnerability

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.002 Low

EPSS

Percentile

59.0%

JSON

pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.

Affected configurations

NVD

Node

pyro_projectpyroRange<3.15

CPENameOperatorVersion
pyro_project:pyropyro project pyrolt3.15

CPE	Name	Operator	Version
pyro_project:pyro	pyro project pyro	lt	3.15

References

bugs.debian.org/631912

github.com/irmen/Pyro3/commit/554e095a62c4412c91f981e72fd34a936ac2bf1e

pythonhosted.org/Pyro/12-changes.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.002 Low

EPSS

Percentile

59.0%

JSON

Related for CVE-2011-2765

ubuntucve1 osv2 prion1 veracode1 debiancve1 nvd1 cvelist1 github1