Monkey@0.9.3 Security Vulnerabilities and Issues — Monkey@0.9.3 CVE List

Lucene search

Monkey-projectMonkey0.9.3

4 matches found

CVE•added 2012/10/05 9:55 p.m.•36 views

CVE-2012-4442

Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictions by leveraging a race condition in a file-permission check.

4.7CVSS6.5AI score0.00062EPSS

CVE•added 2014/08/26 2:55 p.m.•36 views

CVE-2014-5336

Monkey HTTP Server before 1.5.3, when the File Descriptor Table (FDT) is enabled and custom error messages are set, allows remote attackers to cause a denial of service (file descriptor consumption) via an HTTP request that triggers an error message.

4.3CVSS6.8AI score0.01509EPSS

CVE•added 2012/10/05 9:55 p.m.•34 views

CVE-2012-5303

Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname.

6.9CVSS6.6AI score0.00036EPSS

CVE•added 2012/10/05 5:55 p.m.•25 views

CVE-2012-4443

Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of root during execution of CGI scripts, which might allow local users to gain privileges by leveraging cgi-bin write access.

6.9CVSS7AI score0.00054EPSS