[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250038

 
 

909

 
 

195843

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-3201Date: (C)2015-06-10   (M)2023-12-22


Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.1
Exploit Score: 3.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
BID-75066
FEDORA-2015-8867
FEDORA-2015-8919
RHSA-2015:1052
http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2372
http://icedtea.classpath.org/hg/thermostat/rev/c2f18f81f57a

CWE    1
CWE-200
OVAL    3
oval:org.secpod.oval:def:109181
oval:org.secpod.oval:def:505050
oval:org.secpod.oval:def:109166

© SecPod Technologies