NVD

Id
30398  
Name
CVE-2014-1832  
Description
Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831.  
Reject
 
CVSS Version
2  
CVSS Score
2.1  
Severity
Low  
CVSS Base Score
2.1  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
3.9  
CVSS Vector
(AV:L/AC:L/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2015-02-19  
Modified Date
2015-02-20  
Seq
2014-1832  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
160839 30398 CVE-2014-1832 FEDORA-2015-1151  View
160840 30398 CVE-2014-1832 [oss-security] 20140129 Re: CVE request: temporary file issue in Passenger rubygem  View
160841 30398 CVE-2014-1832 [oss-security] 20150130 Re: CVE request: temporary file issue in Passenger rubygem  View
160842 30398 CVE-2014-1832 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958  View
160843 30398 CVE-2014-1832 https://bugzilla.redhat.com/show_bug.cgi?id=1058992  View
160844 30398 CVE-2014-1832 https://github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
19051 JVNDB-2014-007926 Phusion Passenger における特定のファイルおよびディレクトリに書き込まれる脆弱性 Phusion Passenger には、特定のファイルおよびディレクトリに書き込まれる脆弱性が存在します。 CVE-2014-1832 69119 CVE-2014-1832 30398 2.1 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-007926.html 2014-01-29 2015-02-24 View