Skip to main content

Passenger CVE-2014-1831

LOW
2015-02-19 cve@mitre.org
2.1
CVSS 2.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:L/AC:L/Au:N/C:N/I:P/A:N
Attack Vector
Local
Attack Complexity
Low
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 19, 2015 - 15:59 cve.org
LOW 2.1

DescriptionCVE.org

Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file.

AnalysisAI

Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Technical ContextAI

Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. Affected products include: Phusion Passenger. Version information: before 4.0.37.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2018-12026 CRITICAL
9.8 Jun 17

During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 al

CVE-2018-12027 HIGH
8.8 Jun 17

An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosu

CVE-2016-10345 HIGH
7.8 Apr 18

In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which

CVE-2018-12028 HIGH
7.8 Jun 17

An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-mana

CVE-2018-12029 HIGH
7.0 Jun 17

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privil

CVE-2025-26803 MEDIUM
5.3 Feb 24

The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a

CVE-2018-12615 MEDIUM
5.3 Jun 21

An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. Rated

CVE-2017-16355 MEDIUM
4.7 Dec 14

In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Ent

CVE-2013-2119 MEDIUM
4.6 Jan 03

Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (pre

CVE-2013-4136 MEDIUM
4.4 Sep 30

ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or p

CVE-2014-1832 LOW
2.1 Feb 19

Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) contro

Share

CVE-2014-1831 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy