Lucene search

[email protected]CVE-2012-5303

HistoryOct 05, 2012 - 9:55 p.m.

CVE-2012-5303

2012-10-0521:55:00

CWE-59

[email protected]

web.nvd.nist.gov

cve-2012-5303

nvd

security

symlink attack

local file overwrite

monkey http daemon

6.6 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname.

CPENameOperatorVersion
monkey-project:monkeymonkey-project monkeyeq0.9.3

CPE	Name	Operator	Version
monkey-project:monkey	monkey-project monkey	eq	0.9.3

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=672425

bugs.debian.org/cgi-bin/bugreport.cgi?bug=688879

www.securityfocus.com/bid/55905

6.6 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2012-5303

cvelist1 prion1 ubuntucve1