Lucene search

PRIOn knowledge basePRION:CVE-2010-2809

HistoryAug 19, 2010 - 10:00 p.m.

Default configuration

2010-08-1922:00:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.071 Low

EPSS

Percentile

93.8%

JSON

The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document.

CPENameOperatorVersion
uzblle2010.04.03
uzbleq2010.01.04
uzbleq2009.12.22

Name	Operator	Version
uzbl	le	2010.04.03
uzbl	eq	2010.01.04
uzbl	eq	2009.12.22

References

www.securityfocus.com/bid/42297

www.uzbl.org/bugs/index.php?do=details&task_id=240

www.uzbl.org/news.php?id=29

bugzilla.redhat.com/show_bug.cgi?id=621964

bugzilla.redhat.com/show_bug.cgi?id=621965

exchange.xforce.ibmcloud.com/vulnerabilities/61011

github.com/Dieterbe/uzbl/commit/9cc39cb5c9396be013b5dc2ba7e4b3eaa647e975

github.com/pawelz/uzbl/commit/342f292c27973c9df5f631a38bd12f14a9c5cdc2

marc.info/?l=oss-security&m=128111493509265&w=2

marc.info/?l=oss-security&m=128111994317381&w=2

7.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.071 Low

EPSS

Percentile

93.8%

JSON

Related for PRION:CVE-2010-2809