Описание
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
Ссылки
- Broken Link
- Broken LinkMailing List
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Issue TrackingMailing ListThird Party Advisory
- Not Applicable
- Broken LinkThird Party Advisory
- PatchVendor Advisory
- Vendor Advisory
- Release NotesThird Party Advisory
- Third Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdfThird Party Advisory
- Third Party AdvisoryVDB Entry
- Broken Link
- Vendor Advisory
Уязвимые конфигурации
Одно из
Одно из
EPSS
6.9 Medium
CVSS2
Дефекты
Связанные уязвимости
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 place ...
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
EPSS
6.9 Medium
CVSS2