CyberSec.Space Logo
Back to CVE Browser

CVE-2012-6135

HIGH
7.5
CVSS Severity Score
EPSS Score0.0740%
EPSS Percentile4.31th
PublishedNov 19, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.

Affected Platforms (CPE)

πŸ“¦
Phusion

Passenger

= 4.0.0
πŸ“¦
Phusion

Passenger

= 4.0.0
πŸ“¦
Redhat

Openshift

= 1.0

References & Advisories

πŸ”— http://www.openwall.com/lists/oss-security/2013/03/02/1
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6135
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/82533
πŸ”— https://security-tracker.debian.org/tracker/CVE-2012-6135
πŸ”— https://www.securityfocus.com/bid/58259
πŸ”— http://www.openwall.com/lists/oss-security/2013/03/02/1
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6135
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/82533

Related Vulnerabilities

CVE-2018-120269.8

During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such ...

CVE-2018-120278.8

An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the ...

CVE-2018-120287.8

An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malici...

CVE-2016-103457.8

In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could all...