CVSS2: 6.2 Medium (AV:L/AC:H/Au:N/C:C/I:C/A:C)

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | HIGH |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

EPSS: 0.0004 Low (Percentile: 5.3%)

Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3
between directory and file validation, and their usage, allow local users
to gain privileges and execute arbitrary code by renaming directories or
performing symlink attacks. NOTE: the researcher, who is reliable, claims
that the vendor disputes the issue because “the attacks described rely on
an insecure server configuration” in which the user “has write access to
the document root.”
Author | Note |
---|---|
kees | negligible addition checks for suexec |