Executive Summary

Information
Name : CVE-2017-1000115
First vendor Publication : 2017-10-04
Vendor : Cve
Last vendor Modification : 2019-05-10

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Cvss Base Score : 5
Attack Range : Network
Cvss Impact Score : 2.9
Attack Complexity : Low
Cvss Exploit Score : 10
Authentication : None Required

Detail

Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can allow malicious repositories to modify files outside the repository.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000115

CWE : Common Weakness Enumeration

% | id | Name
100 % | CWE-59 | Improper Link Resolution Before File Access ('Link Following')

CPE : Common Platform Enumeration

Type | Description | Count
Application | | 104
Os | | 2
Os | | 1
Os | | 1
Os | | 2
Os | | 3
Os | | 2
Os | | 1

Nessus® Vulnerability Scanner

Date | Description
2017-10-17 | Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_b0628e53092a4037938b29805a7cd31b.nasl - Type : ACT_GATHER_INFO
2017-09-29 | Name : The remote Fedora host is missing a security update.
File : fedora_2017-fa1d8ad61a.nasl - Type : ACT_GATHER_INFO
2017-09-25 | Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201709-18.nasl - Type : ACT_GATHER_INFO
2017-09-15 | Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2017-893.nasl - Type : ACT_GATHER_INFO
2017-09-11 | Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2017-1217.nasl - Type : ACT_GATHER_INFO
2017-09-11 | Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2017-1218.nasl - Type : ACT_GATHER_INFO
2017-09-05 | Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3963.nasl - Type : ACT_GATHER_INFO
2017-09-01 | Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2017-2489.nasl - Type : ACT_GATHER_INFO
2017-09-01 | Name : The remote Debian host is missing a security update.
File : debian_DLA-1072.nasl - Type : ACT_GATHER_INFO
2017-08-30 | Name : The remote Fedora host is missing a security update.
File : fedora_2017-f03b04acbb.nasl - Type : ACT_GATHER_INFO
2017-08-22 | Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20170817_mercurial_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2017-08-18 | Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-941.nasl - Type : ACT_GATHER_INFO
2017-08-18 | Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2017-2489.nasl - Type : ACT_GATHER_INFO
2017-08-18 | Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-2489.nasl - Type : ACT_GATHER_INFO
2017-08-14 | Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2017-223-03.nasl - Type : ACT_GATHER_INFO
2017-08-14 | Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_1d33cdee7f6b11e7a9b53debb10a6871.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source | Url
BID | http://www.securityfocus.com/bid/100290
CONFIRM | https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-0...
DEBIAN | http://www.debian.org/security/2017/dsa-3963
GENTOO | https://security.gentoo.org/glsa/201709-18
REDHAT | https://access.redhat.com/errata/RHSA-2017:2489

Alert History

Date | Information
2019-05-10 21:19:15
  • Multiple Updates
2019-05-01 12:07:58
  • Multiple Updates
2018-01-05 09:23:59
  • Multiple Updates
2017-11-06 09:22:37
  • Multiple Updates
2017-10-18 13:24:52
  • Multiple Updates
2017-10-14 00:22:55
  • Multiple Updates
2017-10-05 09:23:11
  • First insertion