CVE-2013-1889
HIGHmod_ruid2 < 0.9.8 - Chroot Bypass via CGI Script File Descriptor Handling
Title source: llmDescription
mod_ruid2 before 0.9.8 improperly handles file descriptors which allows remote attackers to bypass security using a CGI script to break out of the chroot.
References (4)
Core 4
Core References
Third Party Advisory x_refsource_misc
https://security-tracker.debian.org/tracker/CVE-2013-1889
Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2013/03/23/1
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/83035
Product x_refsource_confirm
https://sourceforge.net/p/mod-ruid/mailman/mod-ruid-announce/thread/514C503E.4020109%40users.sourceforge.net/
Scores
CVSS v3
7.5
EPSS
0.0216
EPSS Percentile
80.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (1)
mod_ruid2_project/mod_ruid2
< 0.9.8
Published
Nov 08, 2019
Tracked Since
Feb 18, 2026