Lucene search

Ubuntu.comUB:CVE-2008-5186

HistoryNov 21, 2008 - 12:00 a.m.

CVE-2008-5186

2008-11-2100:00:00

ubuntu.com

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.014

Percentile

86.5%

JSON

DISPUTED The set_language_path function in geshi.php in Generic
Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to
conduct file inclusion attacks via crafted inputs that influence the
default language path ($path variable). NOTE: this issue has been disputed
by a vendor, stating that only a static value is used, so this is not a
vulnerability in GeSHi. Separate CVE identifiers would be created for web
applications that integrate GeSHi in a way that allows control of the
default language path.

References

launchpad.net/bugs/cve/CVE-2008-5186

nvd.nist.gov/vuln/detail/CVE-2008-5186

security-tracker.debian.org/tracker/CVE-2008-5186

www.cve.org/CVERecord?id=CVE-2008-5186

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.014

Percentile

86.5%

JSON

Related for UB:CVE-2008-5186