CVE-2012-6135

HIGH

RubyGems passenger 4.0.0 beta1-beta2 - Arbitrary File Deletion

Title source: llm
STIX 2.1

Description

RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.

References (5)

Core 5
Core References
Third Party Advisory x_refsource_misc
https://security-tracker.debian.org/tracker/CVE-2012-6135
Mailing List, Patch, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2013/03/02/1
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/82533
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6135
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
https://www.securityfocus.com/bid/58259

Scores

CVSS v3 7.5
EPSS 0.0127
EPSS Percentile 79.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (3)
phusion/passenger 4.0.0 beta1 (2 CPE variants)
redhat/openshift 1.0
rubygems/passenger 0 - 4.0.0.rc4RubyGems
Published Nov 19, 2019
Tracked Since Feb 18, 2026