CVE-2016-9772

MEDIUM

OpenAFS < 1.6.19 - Unauthorized Sensitive Directory Information Exposure via Cache Partition

Title source: llm
STIX 2.1

Description

OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses.

References (3)

Core 3
Core References
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/12/02/9
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94651

Scores

CVSS v3 5.3
EPSS 0.0169
EPSS Percentile 74.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
openafs/openafs < 1.6.19
Published Feb 06, 2017
Tracked Since Feb 18, 2026