Description

pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.

Remediation

References

CVE-2015-8393

Related Vulnerabilities

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-42043)

Moodle Other Vulnerability (CVE-2006-4938)

WordPress Plugin JW Player for Flash & HTML5 Video Cross-Site Request Forgery (2.1.11)

WordPress Plugin Favicon by RealFaviconGenerator Unspecified Vulnerability (1.2.13)

Oracle JRE CVE-2020-2756 Vulnerability (CVE-2020-2756)

Severity

High

Classification

CVE-2015-8393 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities