Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Web Application Finger Printer (WAFP) 0.01-26c3 uses fixed pathnames under /tmp for temporary files and directories, which (1) allows local users to cause a denial of service (application outage) by creating a file with a pathname that the product expects is available for its own internal use, (2) allows local users to overwrite arbitrary files via symlink attacks on certain files in /tmp, (3) might allow local users to delete arbitrary files and directories via a symlink attack on a directory under /tmp, and (4) might make it easier for local users to obtain sensitive information by reading files in a directory under /tmp, related to (a) lib/wafp_pidify.rb, (b) utils/generate_wafp_fingerprint.sh, (c) utils/online_update.sh, and (d) utils/extract_from_db.sh.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Web Application Finger Printer 安全漏洞
Vulnerability Description
Web Application Finger Printer(WAFP)是一款 Web 应用程序指纹打印机。 Web Application Finger Printer (WAFP) 存在安全漏洞,该漏洞源于 Web Application Finger Printer (WAFP) 0.01-26c3 使用 /tmp 下的固定路径名作为临时文件和目录,这 (1) 允许本地用户通过使用产品期望的路径名创建文件来导致拒绝服务(应用程序中断)可供其内部使用,(2) 允许本地用户通过对 /tmp 中某些文件的
CVSS Information
N/A
Vulnerability Type
N/A