Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Phusion Passenger Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2119)

Description

Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.

Remediation

References

Related Vulnerabilities

WordPress Plugin Bliss Gallery 'upload.php' Arbitrary File Upload (2.1)

PHP Data Processing Errors Vulnerability (CVE-2015-4025)

PHP Other Vulnerability (CVE-2007-1521)

WordPress Plugin Thank You Counter Button Multiple Cross-Site Scripting Vulnerabilities (1.8.7)

WordPress Plugin Blaze Slideshow 'upload.php' Arbitrary File Upload (2.4)

Severity

Medium

Classification

CVE-2013-2119 CWE-264

Tags

Missing Update Known Vulnerabilities