CVE-2016-1231 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.9 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
debian	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 73%

Vendor	Product	Version
prosody	prosody	0.9.0
prosody	prosody	0.9.1
prosody	prosody	0.9.2
prosody	prosody	0.9.3
prosody	prosody	0.9.4
prosody	prosody	0.9.5
prosody	prosody	0.9.6
prosody	prosody	0.9.7
prosody	prosody	0.9.8
debian	debian_linux	7.0
debian	debian_linux	8.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

prosody

bullseye (security)	0.11.9-2+deb11u2 fixed
bullseye	0.11.9-2+deb11u2 fixed
squeeze	not-affected
bookworm	0.12.3-1 fixed
trixie	0.12.4-1 fixed
sid	0.12.4-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

prosody

zesty	not-affected
yakkety	not-affected
xenial	not-affected
wily	Fixed 0.9.8-1ubuntu0.1 released
vivid	Fixed 0.9.7-2+deb8u2build0.15.04.1 released
trusty	Fixed 0.9.1-1ubuntu0.1 released
precise	ignored

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

http://blog.prosody.im/prosody-0-9-9-security-release/

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175829.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175868.html

http://www.debian.org/security/2016/dsa-3439

http://www.openwall.com/lists/oss-security/2016/01/08/5

https://prosody.im/issues/issue/520

https://prosody.im/security/advisory_20160108-1/

http://blog.prosody.im/prosody-0-9-9-security-release/

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175829.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175868.html

http://www.debian.org/security/2016/dsa-3439

http://www.openwall.com/lists/oss-security/2016/01/08/5

https://prosody.im/issues/issue/520

https://prosody.im/security/advisory_20160108-1/