Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2016-1247

Опубликовано: 29 нояб. 2016
Источник: ubuntu
Приоритет: medium
CVSS2: 7.2
CVSS3: 7.8

Описание

The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.

РелизСтатусПримечание
devel

released

1.10.1-0ubuntu5
esm-infra-legacy/trusty

released

1.4.6-1ubuntu3.6
esm-infra/xenial

released

1.10.0-0ubuntu0.16.04.3
precise

not-affected

1.1.19-1ubuntu0.8
trusty

released

1.4.6-1ubuntu3.6
trusty/esm

released

1.4.6-1ubuntu3.6
upstream

needs-triage

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

xenial

released

1.10.0-0ubuntu0.16.04.3

Показывать по

Ссылки на источники

7.2 High

CVSS2

7.8 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2016-1247

CVSS3: 7.4
redhat
больше 9 лет назад

The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.

nvd логотип

CVE-2016-1247

CVSS3: 7.8
nvd
около 9 лет назад

The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.

debian логотип

CVE-2016-1247

CVSS3: 7.8
debian
около 9 лет назад

The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx pa ...

github логотип

GHSA-4333-xxh4-gh9f

CVSS3: 7.8
github
больше 3 лет назад

The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.

7.2 High

CVSS2

7.8 High

CVSS3