Lucene search

K

PRIOn knowledge basePRION:CVE-2015-7545

HistoryApr 13, 2016 - 3:59 p.m.

Design/Logic Flaw

2016-04-1315:59:00

PRIOn knowledge base

www.prio-n.com

5

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.078 Low

EPSS

Percentile

94.0%

The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.

CPENameOperatorVersion
ubuntu_linuxeq12.04
ubuntu_linuxeq15.10
ubuntu_linuxeq14.04
ubuntu_linuxeq15.04
giteq2.4.1
giteq2.4.9
giteq2.5.2
giteq2.5.3
giteq2.5.0
giteq2.4.2

Rows per page:

1-10 of 231

References

lists.opensuse.org/opensuse-updates/2015-11/msg00066.html

rhn.redhat.com/errata/RHSA-2015-2515.html

www.debian.org/security/2016/dsa-3435

www.openwall.com/lists/oss-security/2015/12/08/5

www.openwall.com/lists/oss-security/2015/12/09/8

www.openwall.com/lists/oss-security/2015/12/11/7

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

www.securityfocus.com/bid/78711

www.securitytracker.com/id/1034501

www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.533255

www.ubuntu.com/usn/USN-2835-1

bugzilla.redhat.com/show_bug.cgi?id=1269794

github.com/git/git/blob/master/Documentation/RelNotes/2.3.10.txt

github.com/git/git/blob/master/Documentation/RelNotes/2.4.10.txt

github.com/git/git/blob/master/Documentation/RelNotes/2.5.4.txt

github.com/git/git/blob/master/Documentation/RelNotes/2.6.1.txt

kernel.googlesource.com/pub/scm/git/git/+/33cfccbbf35a56e190b79bdec5c85457c952a021

lkml.org/lkml/2015/10/5/683

security.gentoo.org/glsa/201605-01

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.078 Low

EPSS

Percentile

94.0%

Related for PRION:CVE-2015-7545

nessus12 openvas12 debian2 oraclelinux2 ibm1 veracode1 freebsd1 centos1 redhat2 debiancve1 cve1 ubuntucve1 amazon1 ubuntu1 mageia1 hackerone1 archlinux2 slackware1 gentoo1 rosalinux1