Lucene search

[email protected]CVE-2018-7490

HistoryFeb 26, 2018 - 10:29 p.m.

CVE-2018-7490

2018-02-2622:29:00

CWE-22

[email protected]

web.nvd.nist.gov

uwsgi

vulnerability

cve-2018-7490

nvd

directory traversal

security issue

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.949 High

EPSS

Percentile

99.3%

JSON

uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.

Affected configurations

NVD

Node

unbituwsgiRange<2.0.17

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

CPENameOperatorVersion
unbit:uwsgiunbit uwsgilt2.0.17

CPE	Name	Operator	Version
unbit:uwsgi	unbit uwsgi	lt	2.0.17

References

uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.17.html

www.debian.org/security/2018/dsa-4142

www.exploit-db.com/exploits/44223/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.949 High

EPSS

Percentile

99.3%

JSON

Related for CVE-2018-7490

zdt1 osv3 openvas4 github1 checkpoint_advisories1 prion1 debiancve1 alpinelinux1 nuclei1 ubuntucve1 cvelist1 exploitpack1 nessus3 nvd1 dsquare1 fedora2 veracode1 packetstorm1 exploitdb1 debian2