Lucene search

[email protected]NVD:CVE-2015-1196

HistoryJan 21, 2015 - 6:59 p.m.

CVE-2015-1196

2015-01-2118:59:57

CWE-59

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.6%

JSON

GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.

Affected configurations

NVD

Node

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

Node

oraclesolarisMatch11.2

Node

gnupatchMatch2.7.1

References

git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3

lists.opensuse.org/opensuse-updates/2015-02/msg00013.html

seclists.org/oss-sec/2015/q1/173

www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

www.securityfocus.com/bid/72074

bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227

bugzilla.redhat.com/show_bug.cgi?id=1182154

exchange.xforce.ibmcloud.com/vulnerabilities/99967

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.6%

JSON

Related for NVD:CVE-2015-1196

nessus14 ubuntucve2 cvelist2 openvas13 slackware1 debiancve2 prion2 cve2 archlinux1 fedora4 nvd1 mageia1 securityvulns3 ubuntu1 rosalinux1