CVE-2017-9774

Опубликовано: 21 июн. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication.

Ссылки

https://lists.horde.org/archives/announce/2017/001234.html
Mailing List
Vendor Advisory
https://www.debian.org/security/2018/dsa-4276
https://lists.horde.org/archives/announce/2017/001234.html
Mailing List
Vendor Advisory
https://www.debian.org/security/2018/dsa-4276

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:horde:horde_image_api:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:horde:horde_image_api:2.0.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:horde:horde_image_api:2.0.0:beta1:*:*:*:*:*:*

cpe:2.3:a:horde:horde_image_api:2.0.0:beta2:*:*:*:*:*:*

cpe:2.3:a:horde:horde_image_api:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:horde:horde_image_api:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:horde:horde_image_api:2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:horde:horde_image_api:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:horde:horde_image_api:2.0.5:*:*:*:*:*:*:*

cpe:2.3:a:horde:horde_image_api:2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:horde:horde_image_api:2.0.7:*:*:*:*:*:*:*

cpe:2.3:a:horde:horde_image_api:2.0.8:*:*:*:*:*:*:*

cpe:2.3:a:horde:horde_image_api:2.0.9:*:*:*:*:*:*:*

cpe:2.3:a:horde:horde_image_api:2.1.0:*:*:*:*:*:*:*

cpe:2.3:a:horde:horde_image_api:2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:horde:horde_image_api:2.3.0:*:*:*:*:*:*:*

cpe:2.3:a:horde:horde_image_api:2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:horde:horde_image_api:2.3.2:*:*:*:*:*:*:*

cpe:2.3:a:horde:horde_image_api:2.3.3:*:*:*:*:*:*:*

cpe:2.3:a:horde:horde_image_api:2.3.4:*:*:*:*:*:*:*

cpe:2.3:a:horde:horde_image_api:2.3.5:*:*:*:*:*:*:*

cpe:2.3:a:horde:horde_image_api:2.3.6:*:*:*:*:*:*:*

cpe:2.3:a:horde:horde_image_api:2.4.0:*:*:*:*:*:*:*

cpe:2.3:a:horde:horde_image_api:2.4.1:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.07066

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-94

Связанные уязвимости

CVE-2017-9774

CVSS3: 8.8

ubuntu

больше 8 лет назад

Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication.

CVE-2017-9774

CVSS3: 8.8

debian

больше 8 лет назад

Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a ...

GHSA-j525-v5j5-4pq2

CVSS3: 8.8

github

больше 3 лет назад

Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication.

EPSS

Процентиль: 91%

0.07066

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-94