CVE-2013-2027

MEDIUM

Description

Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.

References

http://advisories.mageia.org/MGASA-2015-0096.html

http://lists.opensuse.org/opensuse-updates/2015-02/msg00055.html

http://www.mandriva.com/security/advisories?name=MDVSA-2015:158

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

https://bugzilla.redhat.com/show_bug.cgi?id=947949

Details

Source: MITRE

Published: 2015-02-13

Updated: 2018-10-30

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

Tenable Plugins

View all (3 total)

ID	Name	Product	Family	Severity
101815	Oracle WebLogic Server Multiple Vulnerabilities (July 2017 CPU)	Nessus	Misc.	critical
82411	Mandriva Linux Security Advisory : jython (MDVSA-2015:158)	Nessus	Mandriva Local Security Checks	medium
81338	openSUSE Security Update : jython (openSUSE-2015-139)	Nessus	SuSE Local Security Checks	medium