CVE-2015-5959

Опубликовано: 06 сент. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Низкий

Описание

Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log.

Ссылки

http://www.openwall.com/lists/oss-security/2015/08/07/2
Mailing List
http://www.securityfocus.com/bid/76097
Third Party Advisory
VDB Entry
https://github.com/Froxlor/Froxlor/commit/8558533a9148a2a0302c9c177abff8e4e4075b92
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/08/07/2
Mailing List
http://www.securityfocus.com/bid/76097
Third Party Advisory
VDB Entry
https://github.com/Froxlor/Froxlor/commit/8558533a9148a2a0302c9c177abff8e4e4075b92
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*

Версия до 0.9.33.1 (включая)

EPSS

Процентиль: 80%

0.01459

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2015-5959

CVSS3: 9.8

debian

больше 8 лет назад

Froxlor before 0.9.33.2 with the default configuration/setup might all ...

GHSA-3f2c-xwqh-4w82

CVSS3: 9.8

github

больше 3 лет назад

Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log.

EPSS

Процентиль: 80%

0.01459

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200