Executive Summary

Informations
Name CVE-2017-16355 First vendor Publication 2017-12-14
Vendor Cve Last vendor Modification 2019-10-28

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Overall CVSS Score 4.7
Base Score 4.7 Environmental Score 4.7
impact SubScore 3.6 Temporal Score 4.7
Exploitabality Sub Score 1
 
Attack Vector Local Attack Complexity High
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact High
Integrity Impact None Availability Impact None
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:H/Au:N/C:P/I:N/A:N)
Cvss Base Score 1.2 Attack Range Local
Cvss Impact Score 2.9 Attack Complexity High
Cvss Expoit Score 1.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16355

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-200 Information Exposure

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 95
Os 1

Nessus® Vulnerability Scanner

Date Description
2017-12-19 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_8cf25a29e06311e79b2c001e672571bc.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BUGTRAQ https://seclists.org/bugtraq/2019/Mar/34
CONFIRM https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/
https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541...
DEBIAN https://www.debian.org/security/2019/dsa-4415

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
Date Informations
2021-05-04 12:59:39
  • Multiple Updates
2021-04-22 02:13:58
  • Multiple Updates
2020-05-23 02:04:10
  • Multiple Updates
2020-05-23 00:57:42
  • Multiple Updates
2019-04-26 21:19:37
  • Multiple Updates
2019-03-25 13:19:25
  • Multiple Updates
2019-03-25 00:19:04
  • Multiple Updates
2018-01-12 21:22:41
  • Multiple Updates
2017-12-15 05:20:26
  • First insertion