Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-8517

Опубликовано: 17 нояб. 2014
Источник: nvd
CVSS2: 7.5
EPSS Высокий

Описание

The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.9.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:netbsd:netbsd:5.1:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:5.1.1:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:5.1.2:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:5.1.3:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:5.1.4:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:5.2:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:5.2.1:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:5.2.2:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:6.0:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:6.0.1:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:6.0.2:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:6.0.3:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:6.0.4:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:6.0.5:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:6.0.6:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:6.1:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:6.1.1:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:6.1.2:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:6.1.3:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:6.1.4:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:6.1.5:*:*:*:*:*:*:*

EPSS

Процентиль: 99%
0.84981
Высокий

7.5 High

CVSS2

Дефекты

CWE-77

Связанные уязвимости

ubuntu логотип

CVE-2014-8517

ubuntu
около 11 лет назад

The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.

debian логотип

CVE-2014-8517

debian
около 11 лет назад

The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in Net ...

github логотип

GHSA-5gp4-x3wh-cxgj

github
больше 3 лет назад

The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.

EPSS

Процентиль: 99%
0.84981
Высокий

7.5 High

CVSS2

Дефекты

CWE-77