NVD

Id
30677  
Name
CVE-2014-2209  
Description
Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2014-12-28  
Modified Date
2014-12-30  
Seq
2014-2209  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
161746 30677 CVE-2014-2209 https://github.com/facebook/hhvm/commit/851fff90a9b7461df2393af32239ba217bc25946  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
18551 JVNDB-2014-007426 Facebook HipHop Virtual Machine におけるアクセス制限を回避される脆弱性 Facebook HipHop Virtual Machine (HHVM) は、hphp/util/capability.cpp および hphp/util/light-process.cpp 内の追加のグループメンバーシップをドロップしないため、アクセス制限を回避される脆弱性が存在します。 CVE-2014-2209 69496 CVE-2014-2209 30677 5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-007426.html 2014-05-02 2015-01-06 View