CVE-2015-8977

Опубликовано: 31 янв. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files.

Ссылки

http://www.openwall.com/lists/oss-security/2016/11/10/8
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/11/18/1
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/94397
Third Party Advisory
VDB Entry
https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/
Release Notes
Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/11/10/8
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/11/18/1
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/94397
Third Party Advisory
VDB Entry
https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*

Версия до 1.8.5 (включая)

cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*

Версия до 1.6.17 (включая)

cpe:2.3:a:mybb:mybb:1.8.0:*:*:*:*:*:*:*

cpe:2.3:a:mybb:mybb:1.8.1:*:*:*:*:*:*:*

cpe:2.3:a:mybb:mybb:1.8.2:*:*:*:*:*:*:*

cpe:2.3:a:mybb:mybb:1.8.3:*:*:*:*:*:*:*

cpe:2.3:a:mybb:mybb:1.8.4:*:*:*:*:*:*:*

cpe:2.3:a:mybb:mybb:1.8.5:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01218

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-532

Связанные уязвимости

GHSA-97r5-3mcv-523r