CVE-2016-9772
MEDIUMOpenAFS < 1.6.19 - Unauthorized Sensitive Directory Information Exposure via Cache Partition
Title source: llmDescription
OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses.
References (3)
Core 3
Core References
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/12/02/9
Vendor Advisory x_refsource_confirm
https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94651
Scores
CVSS v3
5.3
EPSS
0.0169
EPSS Percentile
74.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
openafs/openafs
< 1.6.19
Published
Feb 06, 2017
Tracked Since
Feb 18, 2026