Vulnerability Details : CVE-2015-5719
app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors.
Exploit prediction scoring system (EPSS) score for CVE-2015-5719
Probability of exploitation activity in the next 30 days: 0.24%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 61 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2015-5719
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
|
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
References for CVE-2015-5719
-
http://www.securityfocus.com/bid/92740
Malware Information Sharing Platform CVE-2015-5719 Insecure Temporary File Creation Vulnerability
-
https://github.com/MISP/MISP/commit/27cc167c3355ec76292235d7f5f4e0016bfd7699
Fix to an incorrect validation of temporary filenames · MISP/MISP@27cc167 · GitHubIssue Tracking;Patch
-
https://www.circl.lu/advisory/CVE-2015-5719/
CIRCL » CVE-2015-5719 - Vulnerability in MISP (Malware Information Sharing Platform) - Incorrect validation of temporary filenamesThird Party Advisory
Products affected by CVE-2015-5719
- cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*