Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-3816

Опубликовано: 14 мар. 2019
Источник: nvd
CVSS3: 7.5
CVSS3: 7.5
CVSS2: 5
EPSS Низкий

Описание

Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:openwsman_project:openwsman:*:*:*:*:*:*:*:*
Версия до 2.6.9 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*

EPSS

Процентиль: 76%
0.00961
Низкий

7.5 High

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22
CWE-22

Связанные уязвимости

ubuntu логотип

CVE-2019-3816

CVSS3: 7.5
ubuntu
почти 7 лет назад

Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server.

redhat логотип

CVE-2019-3816

CVSS3: 7.5
redhat
почти 7 лет назад

Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server.

msrc логотип

CVE-2019-3816

CVSS3: 7.5
msrc
больше 1 года назад

Описание отсутствует

debian логотип

CVE-2019-3816

CVSS3: 7.5
debian
почти 7 лет назад

Openwsman, versions up to and including 2.6.9, are vulnerable to arbit ...

github логотип

GHSA-966p-p7cq-2frr

CVSS3: 7.5
github
больше 3 лет назад

Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server.

EPSS

Процентиль: 76%
0.00961
Низкий

7.5 High

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22
CWE-22