Lucene search

[email protected]CVE-2015-3201

HistoryJun 08, 2015 - 2:59 p.m.

CVE-2015-3201

2015-06-0814:59:10

CWE-200

[email protected]

web.nvd.nist.gov

cve-2015-3201

thermostat

web.xml

configuration file

permissions

user credentials

local users

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file.

Affected configurations

NVD

Node

redhatthermostatRange≤1.4

CPENameOperatorVersion
redhat:thermostatredhat thermostatle1.4

CPE	Name	Operator	Version
redhat:thermostat	redhat thermostat	le	1.4

References

icedtea.classpath.org/bugzilla/show_bug.cgi?id=2372

icedtea.classpath.org/hg/thermostat/rev/c2f18f81f57a

lists.fedoraproject.org/pipermail/package-announce/2015-June/159788.html

lists.fedoraproject.org/pipermail/package-announce/2015-June/159958.html

rhn.redhat.com/errata/RHSA-2015-1052.html

www.securityfocus.com/bid/75066

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2015-3201

redhat1 nessus2 prion1 cvelist1 nvd1 openvas2 fedora2