Description
Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or (2) a generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831.
Remediation
References