Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Phusion Passenger 安全漏洞
Vulnerability Description
Phusion Passenger是荷兰Phusion公司的一个用于在Apache和Nginx网页服务器上部署Ruby on Rails项目的Apache模块。 Phusion Passenger 4.0.37版本中存在安全漏洞。本地攻击者可通过在control_process.pid或generation-*文件上实施符号链接攻击利用该漏洞写入文件和目录。(注:该漏洞源于CNNVD-201406-379补丁的不完全修复)
CVSS Information
N/A
Vulnerability Type
N/A