PT-2012-5404 · Monkey · Monkey Http Daemon

John Lightsey

Published

2012-10-05

Updated

2020-03-26

CVE-2012-4443

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Monkey HTTP Daemon version 0.9.3

Description The issue allows local users to potentially gain privileges by exploiting cgi-bin write access during the execution of CGI scripts, as the software uses a real UID of root and a real GID of root.

Recommendations For Monkey HTTP Daemon version 0.9.3, consider restricting write access to the cgi-bin directory to prevent potential privilege escalation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2012-4443

Affected Products

Monkey Http Daemon

PT-2012-5404 · Monkey · Monkey Http Daemon

CVE-2012-4443

Weakness Enumeration

Related Identifiers

Affected Products

References · 4