CVE-2016-9772

MEDIUM

Openafs < 1.6.19 - Information Disclosure

Title source: rule

Description

OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses.

References (3)

[Mailing List, Patch, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/12/02/9

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94651

[Vendor Advisory] https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt

Scores

CVSS v3 5.3

EPSS 0.0026

EPSS Percentile 49.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (2)

openafs/openafs < 1.6.19

n/a/n/a

Timeline

Published Feb 06, 2017

Tracked Since Feb 18, 2026