CVE-2018-10869

Опубликовано: 19 июл. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.

Ссылки

http://www.securityfocus.com/bid/105061
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:2373
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10869
Issue Tracking
Mitigation
Vendor Advisory
http://www.securityfocus.com/bid/105061
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:2373
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10869
Issue Tracking
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redhat:certification:-:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00531

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-552

CWE-732

Связанные уязвимости

CVE-2018-10869

CVSS3: 7.5

redhat

больше 7 лет назад

redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.

GHSA-5v46-5c9p-j4mg

CVSS3: 7.5

github

больше 3 лет назад

redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.

EPSS

Процентиль: 67%

0.00531

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-552

CWE-732