Phusion Passenger Other Vulnerability (CVE-2014-1832)

Description

Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831.

Remediation

References

CVE-2014-1832

Related Vulnerabilities

Oracle Database Server CVE-2014-4295 Vulnerability (CVE-2014-4295)

IBMHttpServer Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-4947)

Magento Cryptographic Issues Vulnerability (CVE-2019-7855)

Java Denial of Service (DoS) Vulnerability (CVE-2018-11212)

Plone CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-5485)

Severity

Low

Classification