ByteOS Network

NVD Vulnerability Details :

CVE-2017-15111

Modified

Source-secalert@redhat.com

Published At-20 Jan, 2018 | 00:29

Updated At-06 Aug, 2019 | 17:15

keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Primary	2.0	3.6	LOW	AV:L/AC:L/Au:N/C:N/I:P/A:P

CPE Matches

keycloak-httpd-client-install_project>>keycloak-httpd-client-install>>Versions before 0.8(exclusive)

cpe:2.3:a:keycloak-httpd-client-install_project:keycloak-httpd-client-install:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-59	Primary	nvd@nist.gov
CWE-377	Secondary	secalert@redhat.com

References

Hyperlink	Source	Resource
https://access.redhat.com/errata/RHSA-2019:2137	secalert@redhat.com	N/A
https://github.com/jdennis/keycloak-httpd-client-install/commit/07f26e213196936fb328ea0c1d5a66a09d8b5440	secalert@redhat.com	Patch Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History