Test ID: | 1.3.6.1.4.1.25623.1.0.704142 |
Category: | Debian Local Security Checks |
Title: | Debian Security Advisory DSA 4142-1 (uwsgi - security update) |
Summary: | Marios Nicolaides discovered that the PHP plugin in uWSGI, a fast, self-healing application container server, does not properly handle a DOCUMENT_ROOT check during use of the --php-docroot option, allowing a remote attacker to mount a directory traversal attack and gain unauthorized read access to sensitive files located outside of the web root directory. |
Description: |
Summary: Marios Nicolaides discovered that the PHP plugin in uWSGI, a fast, self-healing application container server, does not properly handle a DOCUMENT_ROOT check during use of the --php-docroot option, allowing a remote attacker to mount a directory traversal attack and gain unauthorized read access to sensitive files located outside of the web root directory.
Affected Software/OS: uwsgi on Debian Linux
Solution: For the oldstable distribution (jessie), this problem has been fixed in version 2.0.7-1+deb8u2. This update additionally includes the fix for CVE-2018-6758 which was aimed to be addressed in the upcoming jessie point release. For the stable distribution (stretch), this problem has been fixed in version 2.0.14+20161117-3+deb9u2. We recommend that you upgrade your uwsgi packages.
CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-6758
http://lists.unbit.it/pipermail/uwsgi/2018-February/008835.html
https://github.com/unbit/uwsgi/commit/cb4636f7c0af2e97a4eef7a3cdcbd85a71247bfe
https://lists.debian.org/debian-lts-announce/2018/02/msg00010.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-7490
Debian Security Information: DSA-4142
https://www.debian.org/security/2018/dsa-4142
https://www.exploit-db.com/exploits/44223/ |
Copyright | Copyright (C) 2018 Greenbone Networks GmbH |