CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile: 87.6%
Red Hat Security Response Team reports:
Gallery upstream has released 3.0.9 version, correcting two
security flaws:
Issue #1 - Improper stripping of URL fragments in flowplayer
SWF file might lead to replay attacks (a different flaw than
CVE-2013-2138).
Issue #2 - gallery3: Multiple information exposure flaws in
data rest core module.