CVE-2010-2809

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=621964", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=621964", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.uzbl.org/news.php?id=29", "name": "http://www.uzbl.org/news.php?id=29", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=621965", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=621965", "tags": [], "refsource": "CONFIRM"}, {"url": "http://marc.info/?l=oss-security&m=128111994317381&w=2", "name": "[oss-security] 20100806 Re: CVE request: uzbl before 2010.08.05: User-assisted execution of arbitrary commands caused by faulty default config", "tags": [], "refsource": "MLIST"}, {"url": "http://www.uzbl.org/bugs/index.php?do=details&task_id=240", "name": "http://www.uzbl.org/bugs/index.php?do=details&task_id=240", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/42297", "name": "42297", "tags": [], "refsource": "BID"}, {"url": "http://github.com/pawelz/uzbl/commit/342f292c27973c9df5f631a38bd12f14a9c5cdc2", "name": "http://github.com/pawelz/uzbl/commit/342f292c27973c9df5f631a38bd12f14a9c5cdc2", "tags": [], "refsource": "CONFIRM"}, {"url": "http://marc.info/?l=oss-security&m=128111493509265&w=2", "name": "[oss-security] 20100806 CVE request: uzbl before 2010.08.05: User-assisted execution of arbitrary commands caused by faulty default config", "tags": [], "refsource": "MLIST"}, {"url": "http://github.com/Dieterbe/uzbl/commit/9cc39cb5c9396be013b5dc2ba7e4b3eaa647e975", "name": "http://github.com/Dieterbe/uzbl/commit/9cc39cb5c9396be013b5dc2ba7e4b3eaa647e975", "tags": [], "refsource": "CONFIRM"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61011", "name": "uzbl-atselecteduri-command-execution(61011)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-94"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-2809", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2010-08-19T22:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:uzbl:uzbl:2009.12.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:uzbl:uzbl:2010.01.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:uzbl:uzbl:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2010.04.03"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-17T01:32Z"}