Vulnerability Details : CVE-2016-1235
The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options.
Products affected by CVE-2016-1235
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:oar_project:oar:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-1235
- 0.16%: Probability of exploitation activity in the next 30 days
- ~53%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-1235
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C | 8.0 | 10.0 | NIST | |
8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2016-1235
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-1235
- http://www.debian.org/security/2016/dsa-3543
  Debian -- Security Information -- DSA-3543-1 oar
- http://oar.imag.fr/oar_2.5.7
  OAR [oar_2.5.7] (Patch; Vendor Advisory)
- https://raw.githubusercontent.com/oar-team/oar/ce77ffed620fdce94881c9b35064507777c24a1c/debian/patches/004-fix-oarsh-security-issue