Lucene search

[email protected]NVD:CVE-2016-1242

HistorySep 07, 2016 - 7:28 p.m.

CVE-2016-1242

2016-09-0719:28:01

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

50.1%

JSON

file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.

Affected configurations

Nvd

Node

trytontrytonMatch4.0.0

trytontrytonMatch4.0.1

trytontrytonMatch4.0.2

trytontrytonMatch4.0.3

Node

trytontrytonRange≤3.2.16

Node

trytontrytonMatch3.8.0

trytontrytonMatch3.8.1

trytontrytonMatch3.8.2

trytontrytonMatch3.8.3

trytontrytonMatch3.8.4

trytontrytonMatch3.8.5

trytontrytonMatch3.8.6

trytontrytonMatch3.8.7

Node

trytontrytonMatch3.4.0

trytontrytonMatch3.4.1

trytontrytonMatch3.4.2

trytontrytonMatch3.4.3

trytontrytonMatch3.4.4

trytontrytonMatch3.4.5

trytontrytonMatch3.4.6

trytontrytonMatch3.4.7

trytontrytonMatch3.4.8

trytontrytonMatch3.4.9

trytontrytonMatch3.4.10

trytontrytonMatch3.4.11

trytontrytonMatch3.4.12

trytontrytonMatch3.4.13

trytontrytonMatch3.8.4

Node

trytontrytonMatch3.2.0

trytontrytonMatch3.6.0

trytontrytonMatch3.6.1

trytontrytonMatch3.6.2

trytontrytonMatch3.6.3

trytontrytonMatch3.6.4

trytontrytonMatch3.6.5

trytontrytonMatch3.6.6

trytontrytonMatch3.6.7

trytontrytonMatch3.6.8

trytontrytonMatch3.6.9

trytontrytonMatch3.6.10

trytontrytonMatch3.6.11

References

www.debian.org/security/2016/dsa-3656

www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html

bugs.tryton.org/issue5808

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

50.1%

JSON

Related for NVD:CVE-2016-1242

openvas18 github2 ubuntucve2 prion2 cve2 debiancve2 cvelist2 osv4 debian3 fedora13 veracode1 nessus4 nvd1