CVE Daily
← All tags

Tag: Security Misconfiguration

All CVEs associated with "Security Misconfiguration". Page 50/50 • 5958 CVEs.

Subscribe CVEs: RSS for “Security Misconfiguration”  ·  RSS (High+Critical only)

About “Security Misconfiguration”

A curated feed of “Security Misconfiguration”-related CVEs appears below. We currently track 5958 CVEs for this tag (all time). In the last 365 days, 2192 were published. Average CVSS is 5.9 (all time; 5.8 over 365d), and 26% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-862 - Missing Authorization, CWE-284 - Improper Access Control, CWE-266 - Incorrect Privilege Assignment.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2013-01-02
Medium

CVE-2012-6462

Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing (CORS) specification, which allows remote attackers to bypass intended page-content restrictions via a crafted request.

CVSS: 5.0 CWE: CWE-264 View on NVD
2012-12-18
Critical

CVE-2012-6422

The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which al…

CVSS: 9.3 CWE: CWE-264 View on NVD
2012-11-14
High

CVE-2012-5458

VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a cra…

CVSS: 8.3 CWE: CWE-264 View on NVD
Low

CVE-2012-2531

Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulner…

CVSS: 2.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2012-10-22
Low

CVE-2012-2679

Red Hat Network (RHN) Configuration Client (rhncfg-client) in rhncfg before 5.10.27-8 uses weak permissions (world-readable) for /var/log/rhncfg-actions, which allows local users to obtain sensitive…

CVSS: 2.1 CWE: CWE-264 View on NVD
2012-09-28
Medium

CVE-2012-3492

The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 uses authentication directories even when they have weak permissions, which allows re…

CVSS: 6.4 CWE: CWE-287 - Improper Authentication View on NVD
2012-06-22
Medium

CVE-2012-0304

Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions (Everyone: Full Control) for the installation directory, which allows local users to gain privileges via a Trojan horse file.

CVSS: 6.9 CWE: CWE-264 View on NVD
2012-06-16
Medium

CVE-2011-4328

plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions (world readable) for cookie files with predictable names in /tmp, which allows local users to obtain sensitive information.

CVSS: 5.0 CWE: CWE-264 View on NVD
2012-06-07
Low

CVE-2012-0948

DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows…

CVSS: 2.1 CWE: CWE-264 View on NVD
2012-05-01
Medium

CVE-2012-0279

Quest Toad for Data Analysts 3.0.1 uses weak permissions (Everyone: Full Control) for the %COMMONPROGRAMFILES%\Quest Shared directory, which allows local users to gain privileges via a Trojan horse f…

CVSS: 6.9 CWE: CWE-264 View on NVD
2012-02-01
Low

CVE-2012-0450

Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standar…

CVSS: 2.1 CWE: CWE-264 View on NVD
2012-01-19
Medium

CVE-2011-1376

iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/…

CVSS: 4.6 CWE: CWE-264 View on NVD
2011-12-30
High

CVE-2011-5044

SopCast 3.4.7.45585 uses weak permissions (Everyone:Full Control) for Diagnose.exe, which allows local users to execute arbitrary code by replacing Diagnose.exe with a Trojan horse program.

CVSS: 7.2 CWE: CWE-264 View on NVD
2011-12-13
High

CVE-2011-4202

The Tadasoft Restorepoint 3.2 evaluation image uses weak permissions (www write access) for unspecified scripts, which allows local users to gain privileges by modifying a script file.

CVSS: 7.2 CWE: CWE-264 View on NVD
2011-11-03
Medium

CVE-2011-3993

SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, uses weak…

CVSS: 5.5 CWE: CWE-264 View on NVD
2011-08-10
High

CVE-2011-3123

IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, uses weak permissions for unspecified files, which allows…

CVSS: 7.2 CWE: CWE-264 View on NVD
2011-07-07
Medium

CVE-2011-2678

The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing t…

CVSS: 6.8 CWE: N/A View on NVD
2011-05-13
Low

CVE-2011-0995

The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 in SUSE Linux Enterprise (SLE) 11 SP1 uses weak permissions for unspecified files, which allows local users to gain privileges v…

CVSS: 2.1 CWE: CWE-264 View on NVD
2011-04-22
Medium

CVE-2011-1421

EMC NetWorker 7.5.x before 7.5.4.3 and 7.6.x before 7.6.1.5, when the client push feature is enabled, uses weak permissions for an unspecified file, which allows local users to gain privileges via un…

CVSS: 6.9 CWE: CWE-264 View on NVD
2011-04-18
Low

CVE-2011-1717

Skype for Android stores sensitive user data without encryption in sqlite3 databases that have weak permissions, which allows local applications to read user IDs, contacts, phone numbers, date of bir…

CVSS: 2.1 CWE: CWE-264 View on NVD
2011-03-28
High

CVE-2011-1420

EMC Data Protection Advisor Collector 5.7 and 5.7.1 on Solaris SPARC platforms uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.

CVSS: 7.2 CWE: CWE-264 View on NVD
2011-02-10
Critical

CVE-2011-0564

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows use weak permissions for unspecified files, which allows attackers to gain privileges via unknown vector…

CVSS: 9.3 CWE: CWE-264 View on NVD
2010-12-09
Low

CVE-2010-0530

Apple QuickTime before 7.6.9 on Windows sets weak permissions for the Apple Computer directory in the profile of a user account, which allows local users to obtain sensitive information by reading fi…

CVSS: 2.1 CWE: CWE-264 View on NVD
2010-12-08
Medium

CVE-2010-3920

The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 and LP-S7100 before 4.1.7, or as downloaded from the vendor between May 2010 and 20101125, set weak permissions for the "C:\Progra…

CVSS: 4.6 CWE: CWE-264 View on NVD
2010-12-07
Medium

CVE-2010-4176

plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from…

CVSS: 4.0 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2010-01-14
High

CVE-2010-0184

The (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility in TIBCO Runtime Agent (TRA) before 5.6.2, as used in TIBCO ActiveMatrix BusinessWorks and other products, set weak p…

CVSS: 7.2 CWE: CWE-264 View on NVD
2010-01-04
High

CVE-2009-4556

Quick Heal AntiVirus Plus 2009 10.00 SP1 and Quick Heal Total Security 2009 10.00 SP1 use weak permissions (Everyone: Full Control) for the product files, which allows local users to gain privileges…

CVSS: 7.2 CWE: CWE-264 View on NVD
2009-12-29
Medium

CVE-2009-4452

Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and…

CVSS: 6.8 CWE: CWE-264 View on NVD
2009-12-08
Medium

CVE-2009-4235

acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of servi…

CVSS: 6.9 CWE: CWE-264 View on NVD
Medium

CVE-2009-4033

A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to the open function with insufficient arguments, which might allow local users to leverage weak permissions on /var/log/acpid, and…

CVSS: 6.9 CWE: CWE-264 View on NVD
2009-12-07
High

CVE-2009-4215

Panda Global Protection 2010, Internet Security 2010, and Antivirus Pro 2010 use weak permissions (Everyone: Full Control) for the product files, which allows local users to gain privileges by replac…

CVSS: 7.2 CWE: CWE-264 View on NVD
2009-11-13
Medium

CVE-2009-2816

The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS req…

CVSS: 6.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2009-09-30
High

CVE-2009-3482

TrustPort Antivirus before 2.8.0.2266 and PC Security before 2.0.0.1291 use weak permissions (Everyone: Full Control) for files under %PROGRAMFILES%, which allows local users to gain privileges by re…

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2009-04-28
Medium

CVE-2009-1460

razorCMS before 0.4 uses weak permissions for (1) admin/core/admin_config.php, which allows local users to obtain the administrator's password hash and FTP user credentials; and (2) the root director…

CVSS: 4.6 CWE: CWE-264 View on NVD
2009-03-31
Low

CVE-2009-1173

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3 uses weak permissions (777) for files associated with unspecified "interim fixes," which allows attackers to modify files that would not have…

CVSS: 2.1 CWE: CWE-264 View on NVD
2009-01-20
Low

CVE-2008-2368

Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these file…

CVSS: 2.1 CWE: CWE-255 View on NVD
2008-10-13
Medium

CVE-2008-4545

Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8 uses weak permissions for the D:\CommServer\Reports directory, which allows remote authenticated users to obtain se…

CVSS: 4.0 CWE: CWE-264 View on NVD
2008-09-16
Low

CVE-2008-3619

Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissions for Time Machine Backup log files, which allows local users to obtain sensitive information by reading these files.

CVSS: 2.1 CWE: CWE-264 View on NVD
Medium

CVE-2008-2331

Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might al…

CVSS: 5.0 CWE: CWE-264 View on NVD
2008-09-11
High

CVE-2008-4018

swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this fi…

CVSS: 7.2 CWE: CWE-264 View on NVD
2008-08-27
Low

CVE-2008-3789

Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb and (2) group_mapping.ldb files, which allows local users to modify the membership of Unix groups.

CVSS: 2.1 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2008-08-01
Medium

CVE-2008-2235

OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proxim…

CVSS: 4.9 CWE: CWE-310 View on NVD
2008-07-01
Medium

CVE-2008-2313

Apple Mac OS X before 10.5 uses weak permissions for the User Template directory, which allows local users to gain privileges by inserting a Trojan horse file into this directory.

CVSS: 4.6 CWE: CWE-264 View on NVD
2008-06-18
Low

CVE-2008-2747

No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive…

CVSS: 2.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2008-02-12
Medium

CVE-2008-0730

The (1) Simplified Chinese, (2) Traditional Chinese, (3) Korean, and (4) Thai language input methods in Sun Solaris 10 create files and directories with weak permissions under (a) .iiim/le and (b) .X…

CVSS: 4.6 CWE: CWE-264 View on NVD
2008-01-09
High

CVE-2007-5761

The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 has weak permissions for the \\.\NantSys device interface (nantsys.sys), which allows local users to gain privileges or cause a de…

CVSS: 7.2 CWE: CWE-264 View on NVD
2007-12-28
Medium

CVE-2007-6594

IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified weak permissions for the installation kit obtained through a Notes 8 download and (2) 0777 permissions for the installdata file that is c…

CVSS: 6.9 CWE: CWE-264 View on NVD
2007-11-05
Low

CVE-2007-5827

iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for /etc/ietd.conf, which allows local users to obtain passwords.

CVSS: 2.1 CWE: CWE-264 View on NVD
Medium

CVE-2007-5829

The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10.x, Norton AntiVirus for Macintosh 10.0 and 10.1, and Norton Internet Security for Macintosh 3.x, uses a directory with weak permi…

CVSS: 6.0 CWE: CWE-264 View on NVD
Low

CVE-2007-5819

IBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak permissions (unrestricted write) for the Central Admin Global download directory, which allows local users to place arbitrary fil…

CVSS: 2.1 CWE: CWE-264 View on NVD
2007-10-31
Low

CVE-2007-5751

Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials.

CVSS: 2.1 CWE: CWE-264 View on NVD
2007-10-30
Medium

CVE-2007-4277

The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) fo…

CVSS: 6.6 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2007-10-29
High

CVE-2007-5544

IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC…

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2007-10-06
High

CVE-2007-5254

VirusBlokAda Vba32 AntiVirus 3.12.2 uses weak permissions (Everyone:Write) for its installation directory, which allows local users to gain privileges by replacing application programs, as demonstrat…

CVSS: 7.2 CWE: CWE-264 View on NVD
2007-08-31
High

CVE-2007-4648

The nvcoaft51 driver in Norman Virus Control (NVC) 5.82 uses weak permissions (unrestricted write access) for the NvcOa device, which allows local users to gain privileges by (1) triggering a buffer…

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4649

MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and Internet Security 9.0.722.1 use weak permissions (Everyone:Full Control) for their installation directory trees, which allows local…

CVSS: 7.2 CWE: CWE-264 View on NVD
2007-08-18
Medium

CVE-2007-4415

Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to…

CVSS: 6.8 CWE: N/A View on NVD
2007-08-08
Medium

CVE-2007-4191

Panda Antivirus 2008 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying PAVSRV51.EXE o…

CVSS: 6.9 CWE: N/A View on NVD
2007-07-06
Medium

CVE-2007-3591

Unspecified vulnerability in Profile.php in Elite Bulletin Board before 1.0.10 allows remote attackers to modify profile information via unspecified vectors related to "a remote form," probably relat…

CVSS: 5.0 CWE: N/A View on NVD
2007-06-29
Medium

CVE-2006-7211

fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the semaphore array, which allows local users to cause a denial of service (blocked query processing) by locking semaphores.

CVSS: 4.9 CWE: N/A View on NVD
2007-05-11
High

CVE-2007-2523

CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify…

CVSS: 7.2 CWE: N/A View on NVD
2007-04-30
Medium

CVE-2007-2361

Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore points images are configured, uses weak permissions (…

CVSS: 4.9 CWE: N/A View on NVD
2007-03-20
Low

CVE-2007-1537

\Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using…

CVSS: 3.6 CWE: N/A View on NVD
2007-03-02
Medium

CVE-2007-1226

McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak permissions (0666) for /Library/Application Support/Virex/VShieldExclude.txt, which allows local users to reconfigure Virex to skip scanni…

CVSS: 4.1 CWE: N/A View on NVD
2007-01-19
Medium

CVE-2007-0367

Rumpus 5.1 and earlier has weak permissions for certain files and directories under /usr/local/Rumpus, including the configuration file, which allows local users to have an unknown impact by creating…

CVSS: 4.6 CWE: N/A View on NVD
2007-01-18
Medium

CVE-2007-0345

The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/…

CVSS: 6.8 CWE: N/A View on NVD
2006-12-15
Medium

CVE-2006-6579

Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, a…

CVSS: 4.4 CWE: N/A View on NVD
2006-12-11
Critical

CVE-2006-6471

Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 use weak permissions for certain files, which allows unspecified file access.

CVSS: 10.0 CWE: N/A View on NVD
2006-12-04
Low

CVE-2006-6286

Palm Desktop 4.1.4 and earlier stores user data with weak permissions under the application directory, which allows local users to obtain sensitive information (address books, calendar files, and tod…

CVSS: 1.7 CWE: N/A View on NVD
2006-10-16
Low

CVE-2006-5298

The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to c…

CVSS: 1.2 CWE: N/A View on NVD
2006-10-10
Low

CVE-2006-5214

Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors f…

CVSS: 1.2 CWE: N/A View on NVD
2006-09-09
High

CVE-2006-4657

Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalS…

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2006-4663

The source code tar archive of the Linux kernel 2.6.16, 2.6.17.11, and possibly other versions specifies weak permissions (0666 and 0777) for certain files and directories, which might allow local us…

CVSS: 7.8 CWE: N/A View on NVD
2006-05-12
Medium

CVE-2006-2316

S24EvMon.exe in the Intel PROset/Wireless software, possibly 10.1.0.33, uses a S24EventManagerSharedMemory shared memory section with weak permissions, which allows local users to read or modify pass…

CVSS: 4.9 CWE: N/A View on NVD
2006-03-14
Medium

CVE-2006-1221

Untrusted search path vulnerability in the TrueVector service (VSMON.exe) in Zone Labs ZoneAlarm 6.x and Integrity does not search ZoneAlarm's own folders before other folders that are specified in a…

CVSS: 6.2 CWE: N/A View on NVD
2002-09-05
Critical

CVE-2002-0721

Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote at…

CVSS: 10.0 CWE: N/A View on NVD
2002-05-16
Low

CVE-2002-0214

Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through 1.5.18.0 stores the 128-bit WEP (Wired Equivalent Privacy) key in plaintext in a registry key with weak permissions, which allow…

CVSS: 2.1 CWE: N/A View on NVD
2001-08-22
High

CVE-2001-0634

Sun Chili!Soft ASP has weak permissions on various configuration files, which allows a local attacker to gain additional privileges and create a denial of service.

CVSS: 7.2 CWE: N/A View on NVD