CVE-2017-16355

Published: 14 Dec 2017
Source: ubuntu
Priority: medium
CVSS2: 1.2
CVSS3: 4.7

Description

In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml.

| Release | Status | Note |
|---|---|---|
| artful | ignored | end of life |
| bionic | released | 5.0.30-1+deb9u1build0.18.04.1 |
| cosmic | released | 5.0.30-1+deb9u1build0.18.10.1 |
| devel | not-affected | 5.0.30-1.1 |
| disco | released | 5.0.30-1+deb9u1build0.19.04.1 |
| eoan | not-affected | 5.0.30-1.1 |
| esm-apps/bionic | released | 5.0.30-1+deb9u1build0.18.04.1 |
| esm-apps/focal | not-affected | 5.0.30-1.1 |
| esm-apps/jammy | not-affected | 5.0.30-1.1 |
| esm-apps/xenial | released | 5.0.27-2ubuntu0.1~esm1 |

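| Release | Status | Note |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |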

CVSS2: 1.2 Low

CVSS3: 4.7 Medium

Related vulnerabilities

CVSS3: 4.7
redhat
more than 8 years ago

In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml.

CVSS3: 4.7
nvd
about 8 years ago

In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml.

CVSS3: 4.7
debian
about 8 years ago

In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed ...

CVSS3: 4.7
github
more than 3 years ago

Phusion Passenger information disclosure

CVSS3: 5.3
fstec
more than 8 years ago

A vulnerability in the Phusion Passenger web server related to the ability to create a symbolic link between REVISION and an arbitrary file on the system, allowing an attacker to gain access to confidential data
