Описание
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to path traversal (with write access) via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local user.
Ссылки
- ExploitThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Vendor Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2.7 (включая) до 3.5.0 (включая)
cpe:2.3:a:ossec:ossec:*:*:*:*:*:*:*:*
EPSS
Процентиль: 40%
0.00185
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 5.5
debian
около 6 лет назад
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...
CVSS3: 5.5
github
больше 3 лет назад
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to path traversal (with write access) via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local user.
EPSS
Процентиль: 40%
0.00185
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-22