Download
| Alert*
oval:org.secpod.oval:def:70622
An arbitrary file read vulnerability was discovered in passenger, a web application server. A local user allowed to deploy an application to passenger, can take advantage of this flaw by creating a symlink from the REVISION file to an arbitrary file on the system and have its content displayed throu ... oval:org.secpod.oval:def:603835 An arbitrary file read vulnerability was discovered in passenger, a web application server. A local user allowed to deploy an application to passenger, can take advantage of this flaw by creating a symlink from the REVISION file to an arbitrary file on the system and have its content displayed throu ... oval:org.secpod.oval:def:2000560 In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 oval:org.secpod.oval:def:1900282 In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 , if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application rootfolder to a file of choice and querying passenger-status --show=xml. |