Lucene search

[email protected]CVE-2015-5652

HistoryOct 06, 2015 - 1:59 a.m.

CVE-2015-5652

2015-10-0601:59:27

[email protected]

web.nvd.nist.gov

165

cve-2015-5652

untrusted search path vulnerability

python.exe

python

windows

local users

privileges

trojan horse

readline.pyd

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says “It was determined that this is a longtime behavior of Python that cannot really be altered at this point.”

Affected configurations

NVD

Node

pythonpythonRange≤3.5.0

AND

microsoftwindows

CPENameOperatorVersion
python:pythonpythonle3.5.0

CPE	Name	Operator	Version
python:python	python	le	3.5.0

References

jvn.jp/en/jp/JVN49503705/995204/index.html

jvn.jp/en/jp/JVN49503705/index.html

jvndb.jvn.jp/jvndb/JVNDB-2015-000141

www.securityfocus.com/bid/76929

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2015-5652

ubuntucve1 nvd1 prion1 cvelist1 jvn1