WEB APPLICATION VULNERABILITIES Standard & Premium

Phusion Passenger Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2119)

Description

Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.

Remediation

References

Related Vulnerabilities

MySQL CVE-2021-2061 Vulnerability (CVE-2021-2061)

WordPress Plugin jcwp youtube channel embed Cross-Site Scripting (1.5.2)

MySQL CVE-2013-0371 Vulnerability (CVE-2013-0371)

Restlet Framework XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2013-4221)

WordPress Plugin Taxonomy Converter Unspecified Vulnerability (1.1)

Severity

Medium

Classification

CVE-2013-2119 CWE-264

Tags

Missing Update Known Vulnerabilities