Описание
Directory traversal vulnerability in RockMongo 1.1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ROCK_LANG cookie, as demonstrated in a login.index action to index.php.
Отчет
This issue affects the versions of the mongo cartridge as shipped with Red Hat OpenShift Enterprise Linux 2. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Additionally OpenShift uses a strong file permission and SELinux permission model minimizing the amount of data that can be viewed.
Дополнительная информация
Статус:
2.1 Low
CVSS2
Связанные уязвимости
Directory traversal vulnerability in RockMongo 1.1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ROCK_LANG cookie, as demonstrated in a login.index action to index.php.
Directory traversal vulnerability in RockMongo 1.1.5 and earlier allow ...
Directory traversal vulnerability in RockMongo 1.1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ROCK_LANG cookie, as demonstrated in a login.index action to index.php.
2.1 Low
CVSS2