CVE-2019-3816
14.03.2019, 22:29
Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| openwsman_project | openwsman | 𝑥 ≤ 2.6.9 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_eus | 8.1 |
| redhat | enterprise_linux_eus | 8.2 |
| redhat | enterprise_linux_eus | 8.4 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_aus | 8.2 |
| redhat | enterprise_linux_server_aus | 8.4 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server_tus | 8.2 |
| redhat | enterprise_linux_server_tus | 8.4 |
| redhat | enterprise_linux_workstation | 7.0 |
| opensuse | leap | 15.0 |
| opensuse | leap | 42.3 |
𝑥
= Vulnerable software versions
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libwsman-devel |
| ||||||||||||||||||||||||||||||||||||||||
| libwsman1 |
| ||||||||||||||||||||||||||||||||||||||||
| libwsman3 |
| ||||||||||||||||||||||||||||||||||||||||
| libwsman_clientpp1 |
| ||||||||||||||||||||||||||||||||||||||||
| openwsman-server |
|
Red Hat Enterprise Linux Releases
Red Hat Product | |||||
|---|---|---|---|---|---|
| libwsman-devel |
| ||||
| libwsman1 |
| ||||
| openwsman-client |
| ||||
| openwsman-perl |
| ||||
| openwsman-python |
| ||||
| openwsman-python3 |
| ||||
| openwsman-ruby |
| ||||
| openwsman-server |
|
References