CVE-2013-2119
Published Jan 3, 2014
Last updated 2 years ago
Overview
- Description
- Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.
- Source
- secalert@redhat.com
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.6
- Impact score
- 6.4
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-264
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EAC9E6F6-1C3C-4270-8360-97C0D1907D0C",
"versionEndIncluding": "3.0.20"
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "079D1872-7E1B-4A66-9B3C-7FFC842A7BE6"
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BD8C8495-4011-4B96-BB78-430B1F508548"
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0D3426ED-FAD6-47C5-94D3-A8BACFBEF270"
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6CD685C8-82D3-497A-84E9-238D19F15FE7"
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "40AD3808-45E1-4889-98AF-4267B9DB17A6"
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "36FCE653-AFE2-4291-872E-9CA8772F0CAD"
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5EF4B9EF-23CC-46E3-8700-36633924B9CF"
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4BAC8504-4F89-49AD-A06F-6A5A5B1DA34E"
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "522C4CC8-9B97-4E1D-B82B-073D14444909"
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E9FEA652-5FFF-443F-983B-4FC5A4478F9E"
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3907694B-8E1A-4C5B-ABF0-90F023845557"
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D2AA53B5-4F58-4D38-80D7-42771F2C295C"
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4472ABCB-B464-4640-A892-73B4C8CB609F"
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0A2AA0F1-AB6F-4583-9AB1-38B7F69CE96D"
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8EDAC43A-BC17-4F1E-BFF6-4C9180817E5A"
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.15:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "49FEE58A-FFDD-4E00-94F7-947D32CC1350"
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.17:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "09AFC97E-37EF-4D68-B947-C8FB43A11245"
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.18:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E2267254-554B-4AF2-A72B-0E346E4657C3"
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.19:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5C406BAD-DCF8-4C46-9731-A81EBF387F68"
},
{
"criteria": "cpe:2.3:a:phusion:passenger:4.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E3C18671-5FB1-4C97-9FDD-6D495A748DF9"
},
{
"criteria": "cpe:2.3:a:phusion:passenger:4.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ECFAD875-6DB0-4D40-9A11-E02DA954B197"
},
{
"criteria": "cpe:2.3:a:phusion:passenger:4.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A1CC46D4-E33E-467C-B5C7-8F371D906A46"
},
{
"criteria": "cpe:2.3:a:phusion:passenger:4.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2595C046-B304-42F3-8194-C259EFDBCA76"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "264DD094-A8CD-465D-B279-C834DDA5F79C"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift:1.0:*:enterprise:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E038BCDC-E14F-4D37-981C-BB80853C148C"
}
],
"operator": "OR"
}
]
}
]