Описание
The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 2.6.11-2 |
| esm-apps/xenial | not-affected | 2.6.11-2 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [2.6.8-2+deb7u1ubuntu0.14.04.1]] |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needs-triage |
| trusty | released | 2.6.8-2+deb7u1ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [2.6.8-2+deb7u1ubuntu0.14.04.1] |
| upstream | released | 2.6.11-2 |
| vivid | released | 2.6.9-1+deb8u1build0.15.04.1 |
| vivid/stable-phone-overlay | DNE |
Показывать по
Ссылки на источники
7.5 High
CVSS2
Связанные уязвимости
The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments.
The Debian build procedure for the smokeping package in wheezy before ...
The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments.
7.5 High
CVSS2