Buffer overflow in webfs before 1.17.1 allows remote attackers to execute arbitrary code via an HTTP request with a long Request-URI.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| webfs | webfs | * |
Directory traversal vulnerability in webfs before 1.20 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a Hostname header.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| webfs | webfs | 1.20 |
| webfs | webfs | 1.18 |
| webfs | webfs | 1.19 |
| webfs | webfs | 1.17 |
Stack-based buffer overflow in webfs before 1.20 allows attackers to execute arbitrary code by creating directories that result in a long pathname.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| webfs | webfs | 1.20 |
| webfs | webfs | 1.18 |
| webfs | webfs | 1.19 |
| webfs | webfs | 1.17 |
The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| webfs | webfs | - |