CVE-2015-5719

MISP/MISP

on github

Published

September 3, 2016

Severity

CVSS v3:

9.8 CRITICAL

CVSS v2:

10 HIGH

Description

app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors.

References

https://www.circl.lu/advisory/CVE-2015-5719/
https://github.com/MISP/MISP/commit/27cc167c3355ec76292235d7f5f4e0016bfd7699
http://www.securityfocus.com/bid/92740

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:misp-project:malware_information_sharing_platform::::::::	n/a	2.3.91 (including)	*

External Links

NVD - CVE-2015-5719