Lucene search
MitreCVELIST:CVE-2017-16355HistoryDec 14, 2017 - 10:00 p.m.
CVE-2017-16355
2017-12-1422:00:00
mitre
www.cve.org
2
In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml.
Related
cve
cve
CVE-2017-16355
2017-12-14 22:29:00
CVE-2017-1000384
2017-12-15 10:29:00
veracode
veracode
Arbitrary File List Read
2017-11-20 02:23:04
nvd
nvd
CVE-2017-16355
2017-12-14 22:29:00
CVE-2017-1000384
2017-12-15 10:29:00
redhatcve
redhatcve
CVE-2017-16355
2017-12-20 02:49:53
debian
debian
[SECURITY] [DSA 4415-1] passenger security update
2019-03-24 11:02:30
[SECURITY] [DSA 4415-1] passenger security update
2019-03-24 11:02:30
osv
osv
CVE-2017-16355
2017-12-14 22:29:00
Phusion Passenger information disclosure
2022-05-13 01:30:59
passenger - security update
2019-03-24 00:00:00
freebsd
freebsd
rubygem-passenger -- arbitrary file read vulnerability
2017-10-13 00:00:00
nessus
nessus
FreeBSD : rubygem-passenger -- arbitrary file read vulnerability (8cf25a29-e063-11e7-9b2c-001e672571bc)
2017-12-19 00:00:00
Debian DSA-4415-1 : passenger - security update
2019-03-25 00:00:00
Ubuntu 16.04 ESM : Phusion Passenger vulnerabilities (USN-5261-1)
2023-10-20 00:00:00
github
github
Phusion Passenger information disclosure
2022-05-13 01:30:59
debiancve
debiancve
CVE-2017-16355
2017-12-14 22:29:00
prion
prion
Design/Logic Flaw
2017-12-14 22:29:00
openvas
openvas
Debian: Security Advisory (DSA-4415-1)
2019-03-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:0262-1)
2021-06-09 00:00:00
Ubuntu: Security Advisory (USN-5261-1)
2023-01-27 00:00:00
ubuntucve
ubuntucve
CVE-2017-16355
2017-12-14 00:00:00
ubuntu
ubuntu
Phusion Passenger vulnerabilities
2022-02-01 00:00:00