Lucene search

GoogleOSV:CVE-2023-25802

HistoryMar 13, 2023 - 8:15 p.m.

CVE-2023-25802

2023-03-1320:15:14

Google

osv.dev

roxy-wi

haproxy

nginx

apache

keepalived

security patch

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.4%

JSON

Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.6.0 don’t correctly neutralize dir/../filename sequences, such as /etc/nginx/../passwd, allowing an actor to gain information about a server. Version 6.3.6.0 has a patch for this issue.

CPENameOperatorVersion
roxy-wieq5.1.4.0
roxy-wieq.5.3.5.0
roxy-wieq1.10
roxy-wieq1.10.1
roxy-wieq3.4.5
roxy-wieq5.2.2.0
roxy-wieq5.3.2.0
roxy-wieq3.2.13
roxy-wieq1.4.1
roxy-wieq6.0.0.0

Name	Operator	Version
roxy-wi	eq	5.1.4.0
roxy-wi	eq	.5.3.5.0
roxy-wi	eq	1.10
roxy-wi	eq	1.10.1
roxy-wi	eq	3.4.5
roxy-wi	eq	5.2.2.0
roxy-wi	eq	5.3.2.0
roxy-wi	eq	3.2.13
roxy-wi	eq	1.4.1
roxy-wi	eq	6.0.0.0

Rows per page:

1-10 of 611

References

github.com/hap-wi/roxy-wi/commit/0054f25da7cf8c7480452f48e39308b5e392dc67

github.com/hap-wi/roxy-wi/security/advisories/GHSA-qcmp-q5h3-784m

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.4%

JSON

Related for OSV:CVE-2023-25802