[wafp:20] Issue 8 in webapplicationfingerprinter: Insecure temporary directory


webapplicatio...@googlecode.com

Apr 27, 2010, 11:33:13 AM
to webapplicatio...@googlegroups.com
Status: New
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 8 by he...@nerv.fi: Insecure temporary directory
http://code.google.com/p/webapplicationfingerprinter/issues/detail?id=8

Wafp creates a temporary directory with a predictable path and name. This allows
a local attacker to create a denial of service condition or possibly
disclose sensitive information to unprivileged users. This also reduces the
usability of this software, because one can't run more than one wafp
instance at the same time. This issue can also be leveraged to delete arbitrary
files or directories via a symlink attack.


webapplicatio...@googlecode.com

Apr 27, 2010, 11:58:19 AM
to webapplicatio...@googlegroups.com

Comment #1 on issue 8 by he...@nerv.fi: Insecure temporary directory
http://code.google.com/p/webapplicationfingerprinter/issues/detail?id=8

This affects both 0.01-26c3 and SVN-revision 6.

webapplicatio...@googlecode.com

Apr 28, 2010, 10:42:52 AM
to webapplicatio...@googlegroups.com

Comment #2 on issue 8 by he...@nerv.fi: Insecure temporary directory
http://code.google.com/p/webapplicationfingerprinter/issues/detail?id=8

CVE-2010-1438 is assigned for this issue.
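
The mitigation for the class of issue reported in this thread, as an added Ruby example that is not from the thread or from wafp's code: create the working directory with `Dir.mktmpdir` instead of a fixed path, and audit any fixed path with `lstat` before trusting it. The names `with_private_workdir`, `audit_fixed_path`, the `exampletool-` prefix and the sandbox layout are assumptions made for illustration.

```ruby
require 'tmpdir'

# Dir.mktmpdir picks an unpredictable name and creates the directory
# atomically with mode 0700; it never reuses an existing entry. The block
# form removes only the directory this call created.
def with_private_workdir(prefix = 'exampletool-', base = Dir.tmpdir)
  Dir.mktmpdir(prefix, base) { |dir| yield dir }
end

# Classify whatever sits at a fixed, guessable path. lstat does not follow
# symlinks, so a planted link is reported as a link, not as its target.
def audit_fixed_path(path)
  st = File.lstat(path)
  return :symlink if st.symlink?
  return :not_a_directory unless st.directory?
  return :foreign_owner unless st.uid == Process.euid
  return :group_or_world_accessible unless (st.mode & 0o077).zero?
  :private_directory
rescue Errno::ENOENT
  :absent
end

# Constructed scenario inside a throwaway sandbox directory.
def demo
  Dir.mktmpdir('sandbox-') do |base|
    other = File.join(base, 'other-users-data')
    Dir.mkdir(other)
    File.write(File.join(other, 'keep.txt'), 'data')
    fixed = File.join(base, 'exampletool-tmp') # hypothetical fixed name
    File.symlink(other, fixed)                 # path is already occupied
    result = { fixed_path: audit_fixed_path(fixed) }
    with_private_workdir('exampletool-', base) do |a|
      with_private_workdir('exampletool-', base) do |b|
        result[:distinct] = (a != b)           # two instances can coexist
        result[:mode] = File.stat(a).mode & 0o777
        result[:audit] = audit_fixed_path(a)
      end
    end
    result[:other_intact] = File.exist?(File.join(other, 'keep.txt'))
    result[:leftovers] = Dir.children(base).sort
    result
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

The `leftovers` entry shows that cleanup removed only the two per-run directories and left the pre-existing entries alone.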