CVE-2017-5613

Опубликовано: 03 мар. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file.

Ссылки

http://www.openwall.com/lists/oss-security/2017/01/28/8
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/95870
Third Party Advisory
VDB Entry
https://news.cpanel.com/tsr-2017-0001-full-disclosure/
Vendor Advisory
http://www.openwall.com/lists/oss-security/2017/01/28/8
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/95870
Third Party Advisory
VDB Entry
https://news.cpanel.com/tsr-2017-0001-full-disclosure/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cpanel:cgiecho:-:*:*:*:*:*:*:*

cpe:2.3:a:cpanel:cgiemail:-:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.0052

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-134

Связанные уязвимости

CVE-2017-5613

CVSS3: 7.8

ubuntu

почти 9 лет назад

Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file.

CVE-2017-5613

CVSS3: 7.8

debian

почти 9 лет назад

Format string vulnerability in cgiemail and cgiecho allows remote atta ...

GHSA-gh36-xvm9-3hm2

CVSS3: 7.8

github

больше 3 лет назад

Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file.

EPSS

Процентиль: 66%

0.0052

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-134