Search for vulnerabilities
Vulnerability details: VCID-bxkz-2m5x-aaaj
Vulnerability ID VCID-bxkz-2m5x-aaaj
Aliases CVE-2014-0185
Summary CVE-2014-0185 php: insecure default permissions on the FPM unix socket
Status Published
Exploitability 0.5
Weighted Severity 6.5
Risk 3.2
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-269 Improper Privilege Management
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0185.html
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2014-0185
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
cvssv2 7.2 https://nvd.nist.gov/vuln/detail/CVE-2014-0185
generic_textual Medium https://ubuntu.com/security/notices/USN-2254-1
generic_textual Medium http://www.openwall.com/lists/oss-security/2014/04/29/5
generic_textual Low http://www.php.net/ChangeLog-5.php
Reference id Reference type URL
http://lists.opensuse.org/opensuse-updates/2015-10/msg00012.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0185.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0185.json
https://api.first.org/data/v1/epss?cve=CVE-2014-0185
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1307027
https://bugs.php.net/bug.php?id=67060
https://bugzilla.redhat.com/show_bug.cgi?id=1092815
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270
http://secunia.com/advisories/59061
http://secunia.com/advisories/59329
https://github.com/php/php-src/commit/35ceea928b12373a3b1e3eecdc32ed323223a40d
https://hoffmann-christian.info/files/php-fpm/0001-Fix-bug-67060-use-default-mode-of-660.patch
https://ubuntu.com/security/notices/USN-2254-1
http://support.apple.com/kb/HT6443
http://www.openwall.com/lists/oss-security/2014/04/29/5
http://www.php.net/archive/2014.php#id2014-05-01-1
http://www.php.net/ChangeLog-5.php
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:-:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*
CVE-2014-0185 https://nvd.nist.gov/vuln/detail/CVE-2014-0185
GLSA-201408-11 https://security.gentoo.org/glsa/201408-11
USN-2254-1 https://usn.ubuntu.com/2254-1/
No exploits are available.
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2014-0185
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.16864
EPSS Score 0.00045
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.