Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP.…
canonical·CWE-200·Published 2020-04-09
Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information disclosure and potentially remote code execution on the web server. This issue affects all versions of eXtplorer in Ubuntu and Debian
Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information disclosure and potentially remote code execution on the web server. This issue affects all versions of eXtplorer in Ubuntu and Debian
La vulnerabilidad de exposición a la información en eXtplorer hace que los directorios del sistema /usr/ y /etc/extplorer/ sean de tipo world-accessible a través de HTTP. Introducido en el archivo de parche Makefile debian/patches/debian-changes-2.1.0b6+dfsg-1 o debian/patches/adds-a-makefile.patch, esto puede conllevar a un filtrado de datos, una divulgación de información y potencialmente una ejecución de código remota en el Servidor web. Este problema afecta a todas las versiones de eXtplorer en Ubuntu y Debian.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 7.5 | 10.0 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| 3.1 | Primary | NVD | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | Primary | cve.org | 5.8 | — | — | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
| 3.1 | Primary | cve.org | 5.8 | — | — | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
| 3.1 | Secondary | NVD | 5.8 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |