Описание
The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) | foreman-proxy | Affected | ||
| OpenStack 3 for RHEL 6 | ruby193-foreman-proxy | Fixed | RHSA-2014:0770 | 19.06.2014 |
| OpenStack 4 for RHEL 6 | foreman-proxy | Fixed | RHSA-2014:0770 | 19.06.2014 |
| Red Hat Satellite 6.0 | foreman-proxy | Fixed | RHEA-2014:1175 | 10.09.2014 |
| Red Hat Satellite 6.0 | foreman-proxy | Fixed | RHEA-2014:1175 | 10.09.2014 |
Показывать по
10
Дополнительная информация
Статус:
Critical
Дефект:
CWE-78
https://bugzilla.redhat.com/show_bug.cgi?id=1105369foreman-proxy: smart-proxy remote command injection
EPSS
Процентиль: 91%
0.06395
Низкий
10 Critical
CVSS2
Связанные уязвимости
nvd
больше 11 лет назад
The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file.
debian
больше 11 лет назад
The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows ...
github
больше 3 лет назад
The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file.
EPSS
Процентиль: 91%
0.06395
Низкий
10 Critical
CVSS2