CVE-2010-2809

medium

Description

The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document.

References

http://github.com/Dieterbe/uzbl/commit/9cc39cb5c9396be013b5dc2ba7e4b3eaa647e975

http://github.com/pawelz/uzbl/commit/342f292c27973c9df5f631a38bd12f14a9c5cdc2

http://marc.info/?l=oss-security&m=128111493509265&w=2

http://marc.info/?l=oss-security&m=128111994317381&w=2

http://www.securityfocus.com/bid/42297

http://www.uzbl.org/bugs/index.php?do=details&task_id=240

http://www.uzbl.org/news.php?id=29

https://bugzilla.redhat.com/show_bug.cgi?id=621964

https://bugzilla.redhat.com/show_bug.cgi?id=621965

https://exchange.xforce.ibmcloud.com/vulnerabilities/61011

Details

Source: MITRE

Published: 2010-08-19

Updated: 2017-08-17

Type: CWE-94

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 79961 | GLSA-201412-08 : Multiple packages, Multiple vulnerabilities fixed in 2010 | Nessus | Gentoo Local Security Checks | critical |
| 48413 | Fedora 14 : uzbl-0-0.16.20100626gitafc0f873e.fc14 (2010-12386) | Nessus | Fedora Local Security Checks | medium |
| 48389 | Fedora 12 : uzbl-0-0.16.20100626gitafc0f873e.fc12 (2010-12276) | Nessus | Fedora Local Security Checks | medium |
| 48388 | Fedora 13 : uzbl-0-0.16.20100626gitafc0f873e.fc13 (2010-12260) | Nessus | Fedora Local Security Checks | medium |