Lucene search

Ubuntu.comUB:CVE-2017-13815

HistoryNov 13, 2017 - 12:00 a.m.

CVE-2017-13815

2017-11-1300:00:00

ubuntu.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

74.6%

JSON

An issue was discovered in certain Apple products. macOS before 10.13.1 is
affected. The issue involves the third-party “file” product. Versions
before 5.31 allow remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact.

Notes

Author	Note
tyhicks	It isn’t clear if this affects the upstream file or not. Adding for now until we get more information.
mdeslaur	no details as of 2018-03-27, may be apple-specific, marking as not-affected

References

www.securitytracker.com/id/1039710

launchpad.net/bugs/cve/CVE-2017-13815

nvd.nist.gov/vuln/detail/CVE-2017-13815

security-tracker.debian.org/tracker/CVE-2017-13815

support.apple.com/HT208221

www.cve.org/CVERecord?id=CVE-2017-13815

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

74.6%

JSON

Related for UB:CVE-2017-13815