Modification of Information in lighttpd (Alpine package)
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2015-3200 |
| CWE-ID | CWE-284 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
lighttpd (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Modification of Information
EUVDB-ID: #VU717
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2015-3200
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote user to modify information on the target system.
The weakness exists due to access control flaw that allows a malicious user to obtain and modify data.
Successful exploitation of the vulnerability leads to modification of information on the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versionslighttpd (Alpine package): 1.4.35-r3
CPE2.3 External linkshttps://git.alpinelinux.org/aports/commit/?id=c1ee7a6e6d21447788c7512e7197d49ebfbc3096
https://git.alpinelinux.org/aports/commit/?id=a7cd05c24e19250420da81b72e89a4abf367b785
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
