CVE

Id
44022  
CVE No.
CVE-2010-1438  
Status
Candidate  
Description
Web Application Finger Printer (WAFP) 0.01-26c3 uses fixed pathnames under /tmp for temporary files and directories, which (1) allows local users to cause a denial of service (application outage) by creating a file with a pathname that the product expects is available for its own internal use, (2) allows local users to overwrite arbitrary files via symlink attacks on certain files in /tmp, (3) might allow local users to delete arbitrary files and directories via a symlink attack on a directory under /tmp, and (4) might make it easier for local users to obtain sensitive information by reading files in a directory under /tmp, related to (a) lib/wafp_pidify.rb, (b) utils/generate_wafp_fingerprint.sh, (c) utils/online_update.sh, and (d) utils/extract_from_db.sh.  
Phase
Assigned (20100415)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
480491 44022 CVE-2010-1438 MLIST:[oss-security] 20100427 Re: wafp insecure temporary directory  View
480492 44022 CVE-2010-1438 URL:http://www.openwall.com/lists/oss-security/2010/04/28/3  View
480493 44022 CVE-2010-1438 MLIST:[oss-security] 20100427 wafp insecure temporary directory  View
480494 44022 CVE-2010-1438 URL:http://www.openwall.com/lists/oss-security/2010/04/27/6  View
480495 44022 CVE-2010-1438 MISC:http://code.google.com/p/webapplicationfingerprinter/issues/detail?id=8  View
480496 44022 CVE-2010-1438 BID:39760  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
39898 JVNDB-2010-005683 VideoLAN VLC media player におけるサービス運用妨害 (DoS) の脆弱性 VideoLAN VLC media player には、サービス運用妨害 (不正なメモリアクセスおよびアプリケーションクラッシュ) 状態にされる、または任意のコードを実行される脆弱性が存在します。 CVE-2010-1442 44022 7.5 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-005683.html  View