Lucene search

K

PRIOn knowledge basePRION:CVE-2019-11356

HistoryJun 03, 2019 - 8:29 p.m.

Command injection

2019-06-0320:29:00

PRIOn knowledge base

www.prio-n.com

3

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.038 Low

EPSS

Percentile

91.7%

The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.

CPENameOperatorVersion
ubuntu_linuxeq18.04
imapge3.0.0
imaple3.0.9
imapge2.5.0
imaple2.5.12
debian_linuxeq9.0
fedoraeq29
fedoraeq30
enterprise_linuxeq8.0
enterprise_linux_euseq8.1

Rows per page:

1-10 of 161

References

access.redhat.com/errata/RHSA-2019:1771

lists.fedoraproject.org/archives/list/[email protected]/message/IGO43JS7IFDNITHXOOHOP6JHRKRDIYY6/

lists.fedoraproject.org/archives/list/[email protected]/message/PICSZDC3UGEUZ27VXGGM6OFI67D3KKLZ/

seclists.org/bugtraq/2019/Jun/9

usn.ubuntu.com/4566-1/

www.cyrusimap.org/imap/download/release-notes/2.5/index.html

www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.13.html

www.cyrusimap.org/imap/download/release-notes/3.0/index.html

www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.10.html

www.debian.org/security/2019/dsa-4458

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.038 Low

EPSS

Percentile

91.7%

Related for PRION:CVE-2019-11356

altlinux2 nessus8 osv3 openvas6 fedora2 redhatcve1 debian2 cve1 ubuntucve1 redhat1 freebsd1 veracode1 oraclelinux1 mageia1 debiancve1 ubuntu1