CVE-2018-10869

redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any…

redhat·CWE-552·Published 2018-07-19

CVSS

—

EPSS

0.03

KEV

Exploits

cve.orgen

180 chars

redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.

NVDen

180 chars

redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.

NVDes

211 chars

redhat-certification no restringe correctamente los archivos que pueden descargarse mediante la página /download. Un atacante remoto podría descargar cualquier archivo accesible por el usuario que ejecuta httpd.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.0	Primary	cve.org	7.5	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.0	Primary	cve.org	7.5	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.0	Primary	NVD	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.0	Secondary	NVD	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N