Summary
Detail | |||
---|---|---|---|
Vendor | Website Meta Language | First view | 2008-02-11 |
Product | Website Meta Language | Last view | 2008-02-11 |
Version | Type | Application | |
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
CPE Name | Affected CVE |
---|---|
cpe:2.3:a:website_meta_language:website_meta_language:2.0.11:*:*:*:*:*:*:* | 2 |
Related : CVE
Date | Alert | Description | |
---|---|---|---|
3.6 | 2008-02-11 | CVE-2008-0666 | Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c. |
3.6 | 2008-02-11 | CVE-2008-0665 | wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
100% (2) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:7892 | DSA-1492 wml -- insecure temporary files |
oval:org.mitre.oval:def:20163 | DSA-1492-1 wml |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
42888 | Website META Language (WML) wml_backend/p1_ipp/ipp.src ipp.$$.tmp Symlink Arb... |
42887 | Website META Language (WML) wml_backend/p3_eperl/eperl_sys.c Temp Files Symli... |
42886 | Website META Language (WML) wml_contrib/wmg.cgi /tmp/pe.tmp.$$ Symlink Arbitr... |
OpenVAS Exploits
id | Description |
---|---|
2009-04-09 | Name : Mandriva Update for wml MDVSA-2008:076 (wml) File : nvt/gb_mandriva_MDVSA_2008_076.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200803-23 (wml) File : nvt/glsa_200803_23.nasl |
2008-02-15 | Name : Debian Security Advisory DSA 1492-1 (wml) File : nvt/deb_1492_1.nasl |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2009-04-23 | Name: The remote Mandriva Linux host is missing a security update. File: mandriva_MDVSA-2008-076.nasl - Type: ACT_GATHER_INFO |
2008-03-17 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200803-23.nasl - Type: ACT_GATHER_INFO |
2008-02-11 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1492.nasl - Type: ACT_GATHER_INFO |