Description
Files are accessible without restrictions from the /update/results page of the redhat-certification 7 package, allowing an attacker to remove any file accessible by the apache user.
References
- Vendor Advisory
- Issue Tracking, Vendor Advisory
- Vendor Advisory
- Issue Tracking, Vendor Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:redhat:certification:7.0:*:*:*:*:*:*:*
EPSS: 0.00341 (Low), percentile: 56%
CVSS3: 9.1 Critical
CVSS2: 6.4 Medium
Weaknesses
CWE-552
Related vulnerabilities
CVSS3: 6.5
redhat
more than 7 years ago
Files are accessible without restrictions from the /update/results page of the redhat-certification 7 package, allowing an attacker to remove any file accessible by the apache user.
CVSS3: 9.1
github
more than 3 years ago
It has been discovered that redhat-certification does not restrict file access in the /update/results page. A remote attacker could use this vulnerability to remove any file accessible by the user which is running httpd. This flaw affects redhat-certification version 7.