ByteOS Network

NVD Vulnerability Details :

CVE-2013-1889

Modified

Source-secalert@redhat.com

Published At-08 Nov, 2019 | 16:15

Updated At-07 Nov, 2023 | 02:14

mod_ruid2 before 0.9.8 improperly handles file descriptors which allows remote attackers to bypass security using a CGI script to break out of the chroot.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N

CPE Matches

mod_ruid2_project>>mod_ruid2>>Versions before 0.9.8(exclusive)

cpe:2.3:a:mod_ruid2_project:mod_ruid2:*:*:*:*:*:apache:*:*

Weaknesses

CWE ID	Type	Source
CWE-20	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.openwall.com/lists/oss-security/2013/03/23/1	secalert@redhat.com	Mailing List Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/83035	secalert@redhat.com	Third Party Advisory VDB Entry
https://security-tracker.debian.org/tracker/CVE-2013-1889	secalert@redhat.com	Third Party Advisory
https://sourceforge.net/p/mod-ruid/mailman/mod-ruid-announce/thread/514C503E.4020109%40users.sourceforge.net/	secalert@redhat.com	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History