Rsyslog
CVE-2015-3243
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.
AnalysisAI
rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-532. rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron. Affected products include: Rsyslog.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of serv
The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly al
An issue was discovered in Rsyslog v8.1908.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploit
An issue was discovered in Rsyslog v8.1908.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploit
contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled. R
Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to ca
Rsyslog is a rocket-fast system for log processing. Rated high severity (CVSS 8.1), this vulnerability is remotely explo
Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today