Описание
mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
Ссылки
- Mailing List
- Mailing List
Уязвимые конфигурации
EPSS
7.1 High
CVSS3
2.1 Low
CVSS2
Дефекты
Связанные уязвимости
mod_gzip 1.3.26.1a and earlier, and possibly later official versions, ...
mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
EPSS
7.1 High
CVSS3
2.1 Low
CVSS2