CVE-2016-6255
Published: 7 March 2017
Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler.
From the Ubuntu Security Team
Matthew Garrett discovered that libupnp mishandled POST requests by default. An attacker could use this vulnerability to write files to arbitrary locations in the victim's filesystem, possibly as root.
Priority
Status
Package | Release | Status |
---|---|---|
libupnp Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
bionic |
Not vulnerable
(1:1.6.22-1)
|
|
cosmic |
Not vulnerable
(1:1.6.22-1)
|
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
precise |
Ignored
(end of life)
|
|
trusty |
Released
(1:1.6.17-1.2+deb7u1build0.14.04.1)
|
|
upstream |
Needed
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Released
(1:1.6.19+git20160116-1ubuntu0.1~esm1)
Available with Ubuntu Pro |
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Ignored
(end of life)
|
|
hirsute |
Does not exist
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | High |
Availability impact | None |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |