CVE-2017-16355
MEDIUM
4.7
Source: [email protected]
Attack Vector: local
Attack Complexity: high
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
LOW
1.2
Source: [email protected]
Access Vector: local
Access Complexity: high
Authentication: none
Confidentiality: partial
Integrity: none
Availability: none
Description
In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml.
EPSS (Exploit Prediction Scoring System)
Predicts the probability of exploitation based on threat intelligence and vulnerability characteristics.
EPSS Score
0.0014
Percentile
0.3th
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Draft
Common Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Application Data
Applicable Platforms
Technologies:
Mobile, Not Technology-Specific, Web Based
Application
Passenger by Phusion
Version Range Affected
From
5.0.10
(inclusive)
To
5.1.11
(exclusive)
CPE Identifier
cpe:2.3:a:phusion:passenger:*:*:*:*:open_source:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Passenger by Phusion
Version Range Affected
From
5.0.10
(inclusive)
To
5.1.10
(exclusive)
CPE Identifier
cpe:2.3:a:phusion:passenger:*:*:*:*:enterprise:*:*:*
Operating System
Debian Linux by Debian
CPE Identifier
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/
https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c64454103…
https://seclists.org/bugtraq/2019/Mar/34
https://www.debian.org/security/2019/dsa-4415