Search for vulnerabilities
Vulnerability details: VCID-8xmg-7psa-aaan
Vulnerability ID VCID-8xmg-7psa-aaan
Aliases CVE-2016-1247
Summary The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-59 Improper Link Resolution Before File Access ('Link Following')
System Score Found at
generic_textual Medium http://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1247.html
cvssv3 7.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1247.json
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.08721 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.08721 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.08721 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.08721 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.08721 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.10847 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
epss 0.25013 https://api.first.org/data/v1/epss?cve=CVE-2016-1247
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=1390182
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1247
cvssv2 5.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 7.2 https://nvd.nist.gov/vuln/detail/CVE-2016-1247
cvssv3 7.8 https://nvd.nist.gov/vuln/detail/CVE-2016-1247
cvssv3.1 7.8 https://nvd.nist.gov/vuln/detail/CVE-2016-1247
archlinux High https://security.archlinux.org/AVG-138
archlinux High https://security.archlinux.org/AVG-139
generic_textual Medium https://ubuntu.com/security/notices/USN-3114-1
Reference id Reference type URL
http://packetstormsecurity.com/files/139750/Nginx-Debian-Based-Distros-Root-Privilege-Escalation.html
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1247.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1247.json
https://api.first.org/data/v1/epss?cve=CVE-2016-1247
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1247
http://seclists.org/fulldisclosure/2016/Nov/78
http://seclists.org/fulldisclosure/2017/Jan/33
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBIZEKHBOCKO7FUMCO4X53ENMWU5OYFX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ESTIADC7BDB6VTH4JAP6C6OCW2CQ4NHP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3WOO7E5R2HT5XVOIOFPEFALILVOWZUF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBIZEKHBOCKO7FUMCO4X53ENMWU5OYFX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ESTIADC7BDB6VTH4JAP6C6OCW2CQ4NHP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3WOO7E5R2HT5XVOIOFPEFALILVOWZUF/
https://security.gentoo.org/glsa/201701-22
https://ubuntu.com/security/notices/USN-3114-1
https://www.exploit-db.com/exploits/40768/
https://www.youtube.com/watch?v=aTswN1k1fQs
http://www.debian.org/security/2016/dsa-3701
http://www.securityfocus.com/archive/1/539796/100/0/threaded
http://www.securityfocus.com/bid/93903
http://www.securitytracker.com/id/1037104
http://www.ubuntu.com/usn/USN-3114-1
1390182 https://bugzilla.redhat.com/show_bug.cgi?id=1390182
842295 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842295
ASA-201701-23 https://security.archlinux.org/ASA-201701-23
ASA-201701-24 https://security.archlinux.org/ASA-201701-24
AVG-138 https://security.archlinux.org/AVG-138
AVG-139 https://security.archlinux.org/AVG-139
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
CVE-2016-1247 Exploit http://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html
CVE-2016-1247 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/40768.sh
CVE-2016-1247 https://nvd.nist.gov/vuln/detail/CVE-2016-1247
USN-3114-1 https://usn.ubuntu.com/3114-1/
Data source Exploit-DB
Date added Nov. 16, 2016
Description Nginx (Debian Based Distros + Gentoo) - 'logrotate' Local Privilege Escalation
Ransomware campaign use Unknown
Source publication date Nov. 16, 2016
Exploit type local
Platform linux
Source update date Nov. 16, 2017
Source URL http://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1247.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:L/AC:M/Au:S/C:C/I:P/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2016-1247
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-1247
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-1247
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.26654
EPSS Score 0.00059
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.