Lucene search

[email protected]CVE-2013-1048

HistoryMar 06, 2013 - 1:10 p.m.

CVE-2013-1048

2013-03-0613:10:00

CWE-264

[email protected]

web.nvd.nist.gov

372

debian

apache2

cve-2013-1048

vulnerability

local users

privilege escalation

symlink attack

6.2 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.

CPENameOperatorVersion
debian:apache2debian apache2le2.2.22-12
debian:apache2debian apache2le2.2.16-6

CPE	Name	Operator	Version
debian:apache2	debian apache2	le	2.2.22-12
debian:apache2	debian apache2	le	2.2.16-6

References

security.debian.org/debian-security/pool/updates/main/a/apache2/apache2_2.2.16-6+squeeze11.diff.gz

www.debian.org/security/2013/dsa-2637

6.2 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2013-1048

ubuntucve1 prion1 debiancve1 cvelist1 openvas4 debian2 osv1 nessus2 ubuntu1