Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Information
Name : CVE-2018-12015
First vendor Publication : 2018-06-07
Vendor : Cve
Last vendor Modification : 2019-08-06

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:P)
Cvss Base Score : 6.4
Attack Range : Network
Cvss Impact Score : 4.9
Attack Complexity : Low
Cvss Exploit Score : 10
Authentication : None Required

Detail

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12015

CWE : Common Weakness Enumeration

CWE-22 (100 %) : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type : Count
Application : 1
Application : 1
Application : 1
Application : 1
Application : 1
Application : 430
Os : 118
Os : 5
Os : 2

Nessus® Vulnerability Scanner

Date : Description
2019-01-03
  Name : The remote Fedora host is missing a security update.
  File : fedora_2018-4e088b6d7c.nasl - Type : ACT_GATHER_INFO
2018-09-27
  Name : The remote EulerOS host is missing a security update.
  File : EulerOS_SA-2018-1307.nasl - Type : ACT_GATHER_INFO
2018-09-27
  Name : The remote EulerOS host is missing a security update.
  File : EulerOS_SA-2018-1308.nasl - Type : ACT_GATHER_INFO
2018-08-21
  Name : The remote PhotonOS host is missing multiple security updates.
  File : PhotonOS_PHSA-2018-2_0-0084.nasl - Type : ACT_GATHER_INFO
2018-06-19
  Name : The remote Fedora host is missing a security update.
  File : fedora_2018-10ae521efa.nasl - Type : ACT_GATHER_INFO
2018-06-12
  Name : The remote Debian host is missing a security-related update.
  File : debian_DSA-4226.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source : Url
BID : http://www.securityfocus.com/bid/104423
BUGTRAQ : https://seclists.org/bugtraq/2019/Mar/42
CONFIRM : https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834
CONFIRM : https://security.netapp.com/advisory/ntap-20180927-0001/
CONFIRM : https://support.apple.com/kb/HT209600
DEBIAN : https://www.debian.org/security/2018/dsa-4226
FULLDISC : http://seclists.org/fulldisclosure/2019/Mar/49
REDHAT : https://access.redhat.com/errata/RHSA-2019:2097
SECTRACK : http://www.securitytracker.com/id/1041048
UBUNTU : https://usn.ubuntu.com/3684-1/
UBUNTU : https://usn.ubuntu.com/3684-2/

Alert History

Date : Information
2019-08-06 21:19:55
  • Multiple Updates
2019-07-17 01:00:43
  • Multiple Updates
2019-05-30 12:09:30
  • Multiple Updates
2019-04-09 12:09:02
  • Multiple Updates
2019-03-29 21:19:30
  • Multiple Updates
2019-03-27 00:19:06
  • Multiple Updates
2019-03-26 17:19:07
  • Multiple Updates
2019-03-26 09:19:19
  • Multiple Updates
2018-09-28 17:19:37
  • Multiple Updates
2018-08-07 00:19:18
  • Multiple Updates
2018-07-23 17:19:11
  • Multiple Updates
2018-06-15 09:19:17
  • Multiple Updates
2018-06-13 09:19:20
  • Multiple Updates
2018-06-10 09:19:10
  • Multiple Updates
2018-06-07 17:19:06
  • First insertion