CVE-2013-2119
NONE EPSS 32.0%
Published Jan 3, 201412y ago · Modified Jun 16, 20262w ago
Published Jan 3, 2014 12y ago
Last Modified Jun 16, 2026 2w ago
Description
Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.
Threat Intelligence
EPSS Exploit Probability
32.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-264
Affected Products 26
| Vendor | Product | Version | Range |
|---|---|---|---|
| phusion | passenger | * | ≤3.0.20 |
| phusion | passenger | 3.0.0 | any |
| phusion | passenger | 3.0.1 | any |
| phusion | passenger | 3.0.2 | any |
| phusion | passenger | 3.0.3 | any |
| phusion | passenger | 3.0.4 | any |
| phusion | passenger | 3.0.5 | any |
| phusion | passenger | 3.0.6 | any |
| phusion | passenger | 3.0.7 | any |
| phusion | passenger | 3.0.8 | any |
| phusion | passenger | 3.0.9 | any |
| phusion | passenger | 3.0.10 | any |
| phusion | passenger | 3.0.11 | any |
| phusion | passenger | 3.0.12 | any |
| phusion | passenger | 3.0.13 | any |
| phusion | passenger | 3.0.14 | any |
| phusion | passenger | 3.0.15 | any |
| phusion | passenger | 3.0.17 | any |
| phusion | passenger | 3.0.18 | any |
| phusion | passenger | 3.0.19 | any |
| phusion | passenger | 4.0.1 | any |
| phusion | passenger | 4.0.2 | any |
| phusion | passenger | 4.0.3 | any |
| phusion | passenger | 4.0.4 | any |
| ruby-lang | ruby | * | any |
| redhat | openshift | 1.0 | any |
References 4
- blog.phusion.nl http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/
- blog.phusion.nl http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/
- rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2013-1136.html
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=892813
Remediation
- blog.phusion.nl http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/
- blog.phusion.nl http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/