Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-1427

Опубликовано: 21 мар. 2013
Источник: nvd
CVSS2: 1.9
EPSS Низкий

Описание

The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*
Версия до 1.4.27 (включая)
cpe:2.3:a:lighttpd:lighttpd:1.3.16:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.6:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.7:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.8:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.9:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.10:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.11:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.12:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.13:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.15:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.16:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.18:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.19:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.20:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.21:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.22:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.23:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.24:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.25:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.26:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*

EPSS

Процентиль: 12%
0.0004
Низкий

1.9 Low

CVSS2

Дефекты

CWE-310

Связанные уязвимости

ubuntu логотип

CVE-2013-1427

ubuntu
почти 13 лет назад

The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.

debian логотип

CVE-2013-1427

debian
почти 13 лет назад

The configuration file for the FastCGI PHP support for lighttpd before ...

github логотип

GHSA-4hqm-jw29-p8wm

github
больше 3 лет назад

The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.

EPSS

Процентиль: 12%
0.0004
Низкий

1.9 Low

CVSS2

Дефекты

CWE-310