Vulnerability Details : CVE-2013-1090
The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges via unspecified vectors.
Products affected by CVE-2013-1090
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-1090
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 10 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-1090
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2013-1090
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1090
-
http://lists.opensuse.org/opensuse-updates/2013-12/msg00025.html
openSUSE-SU-2013:1826-1: moderate: update for horde5Vendor Advisory
-
https://bugzilla.novell.com/show_bug.cgi?id=811369
Bug 811369 – VUL-0: CVE-2013-1090: horde5: incorrect ownership of /etc/apache2/vhosts.d
Jump to