Description

Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831.

Remediation

References

CVE-2014-1832

Related Vulnerabilities

WordPress Plugin File Manager Advanced Shortcode Directory Traversal (2.4)

WordPress Plugin AnyVar Cross-Site Scripting (0.1.1)

Ampache Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-51485)

WordPress Plugin Print-O-Matic Cross-Site Scripting (2.0.2)

phpMyFAQ Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3783)

Severity

Low

Classification

CVE-2014-1832

Tags

Missing Update Known Vulnerabilities