Lucene search

K
cve[email protected]CVE-2014-1875
HistoryOct 06, 2014 - 11:55 p.m.

CVE-2014-1875

2014-10-0623:55:07
CWE-59
web.nvd.nist.gov
20
cve-2014-1875
capture::tiny
perl
symlink attack
local users
arbitrary files

6.2 Medium

AI Score

Confidence

Low

3.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

10.1%

The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file.

Affected configurations

NVD
Node
cspancapture-tinyRange0.23
OR
cspancapture-tinyMatch0.20
OR
cspancapture-tinyMatch0.21
OR
cspancapture-tinyMatch0.22

6.2 Medium

AI Score

Confidence

Low

3.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

10.1%