mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
238 lines
8.4 KiB
JSON
238 lines
8.4 KiB
JSON
{
|
|
"id": "CVE-2011-1144",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2011-03-03T01:00:01.677",
|
|
"lastModified": "2020-01-23T14:33:48.200",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "El instalador de PEAR 1.9.2 y versiones anteriores permite a los usuarios locales sobreescribir archivos de su elecci\u00f3n a trav\u00e9s de un ataque de enlace simb\u00f3lico (\"symlink attack\") en el fichero package.xml. Relacionado con los directorios (1) download_dir, (2) cache_dir, (3) tmp_dir y (4) pear-build-download. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta del CVE-2011-1072."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P",
|
|
"accessVector": "LOCAL",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL",
|
|
"baseScore": 3.3
|
|
},
|
|
"baseSeverity": "LOW",
|
|
"exploitabilityScore": 3.4,
|
|
"impactScore": 4.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-59"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:pear:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "1.9.2",
|
|
"matchCriteriaId": "BB14E5AC-4437-49C9-AB59-0C2894ABA386"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:pear:0.2.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "84D97436-9B7F-4721-9741-46440671EF13"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:pear:0.9:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BB3ABD1F-BCB7-412E-BF9C-3E3753E35C54"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:pear:0.10:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8A286382-1A8E-4A85-969E-E86B2991FD03"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:pear:0.11:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4609FA08-77D8-477F-BF06-EF1DCCF304EB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:pear:0.90:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "85C03D94-A42D-4B94-A772-F224B7A51DBA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:pear:1.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1F2D5A6D-5F13-4170-895C-7D9766D66E92"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:pear:1.0.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6E70348B-DD40-4312-BEC1-5B70DE0502F0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:pear:1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A7183C6B-7916-4A9C-86B2-A1ADF2657FCD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:pear:1.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "96B6D2DE-FFAA-47DD-B7F9-9D4A8AD5D86F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:pear:1.2.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2B18D859-6AEB-416B-AD65-549664AC7702"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:pear:1.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "25D84F7B-61EF-4609-AA12-092A82752A73"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:pear:1.3.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3E691BDA-A3C4-4355-9B3B-CF4629234E0D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:pear:1.3.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B15572C2-8A38-47BC-B816-D38465B3DF7C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:pear:1.3.3.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E1C78AE7-1F68-4778-B47F-3926CCD4909B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:pear:1.3.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6D2C0038-0B34-45C4-8E12-CB16E29D5A88"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:pear:1.3.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "92E6FEDC-D820-4F24-855F-457201A7E108"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:pear:1.3.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B071F3AA-120E-4ED0-951B-E3E758C9B868"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:pear:1.4.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E807C846-21A6-40DA-898C-81621C917C48"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:pear:1.4.0:rc1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E5187149-A430-4C18-A446-D63691C5DBC4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:pear:1.4.0:rc2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "17D913D2-1DEB-4899-968C-CE1EE24B0F2E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:pear:1.4.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8A00E459-5F1A-4A28-9B62-D7DB43F831B2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:pear:1.4.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C4BB7B66-B10C-42E0-BDD5-919A724D270E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:pear:1.5.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D7998B44-CABB-478C-B163-96842C8259D3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:pear:1.5.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FF8D84FB-E7CD-4C23-AA3B-0B41492F9939"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:pear:1.6.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2930CA3C-58D3-4DE0-969C-6B1C036A463F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:pear:1.9.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1E8E8AEE-2369-4ACF-8546-B5C92DDFA338"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://openwall.com/lists/oss-security/2011/02/28/5",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://openwall.com/lists/oss-security/2011/03/01/4",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://openwall.com/lists/oss-security/2011/03/01/5",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://openwall.com/lists/oss-security/2011/03/01/7",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://openwall.com/lists/oss-security/2011/03/01/8",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://openwall.com/lists/oss-security/2011/03/01/9",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://pear.php.net/bugs/bug.php?id=18056",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65911",
|
|
"source": "cve@mitre.org"
|
|
}
|
|
]
|
|
} |