Description

Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file.

Remediation

References

CVE-2014-1831

Related Vulnerabilities

Magento CVE-2019-7896 Vulnerability (CVE-2019-7896)

Lodash Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2021-23337)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-0213)

OpenSSL Cryptographic Issues Vulnerability (CVE-2014-3570)

Squid Improper Input Validation Vulnerability (CVE-2013-1839)

Severity

Low

Classification

CVE-2014-1831

Tags

Missing Update Known Vulnerabilities