This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Website Meta Language | First view | 2008-02-11 |
| Product | Website Meta Language | Last view | 2008-02-11 |
| Version | Type | Application | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
| CPE Name | Affected CVE |
|---|---|
| cpe:2.3:a:website_meta_language:website_meta_language:2.0.11:*:*:*:*:*:*:* | 2 |
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 3.6 | 2008-02-11 | CVE-2008-0666 | Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c. |
| 3.6 | 2008-02-11 | CVE-2008-0665 | wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (2) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:7892 | DSA-1492 wml -- insecure temporary files |
| oval:org.mitre.oval:def:20163 | DSA-1492-1 wml |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 42888 | Website META Language (WML) wml_backend/p1_ipp/ipp.src ipp.$$.tmp Symlink Arb... |
| 42887 | Website META Language (WML) wml_backend/p3_eperl/eperl_sys.c Temp Files Symli... |
| 42886 | Website META Language (WML) wml_contrib/wmg.cgi /tmp/pe.tmp.$$ Symlink Arbitr... |
OpenVAS Exploits
| id | Description |
|---|---|
| 2009-04-09 | Name : Mandriva Update for wml MDVSA-2008:076 (wml) File : nvt/gb_mandriva_MDVSA_2008_076.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200803-23 (wml) File : nvt/glsa_200803_23.nasl |
| 2008-02-15 | Name : Debian Security Advisory DSA 1492-1 (wml) File : nvt/deb_1492_1.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2009-04-23 | Name: The remote Mandriva Linux host is missing a security update. File: mandriva_MDVSA-2008-076.nasl - Type: ACT_GATHER_INFO |
| 2008-03-17 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200803-23.nasl - Type: ACT_GATHER_INFO |
| 2008-02-11 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1492.nasl - Type: ACT_GATHER_INFO |
