PT-2017-7358 · Netbsd · Bozohttpd

Mateusz Kocielski

Publicado

2017-01-19

Atualizado

2017-01-20

CVE-2015-8212

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions bozohttpd in NetBSD versions 6.0 through 6.0.6 bozohttpd in NetBSD versions 6.1 through 6.1.5 bozohttpd in NetBSD versions 7.0

Description A flaw in CGI handling in bozohttpd allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program.

Recommendations For NetBSD versions 6.0 through 6.0.6, update to a version that includes the fix for the CGI handling flaw. For NetBSD versions 6.1 through 6.1.5, update to a version that includes the fix for the CGI handling flaw. For NetBSD version 7.0, update to a version that includes the fix for the CGI handling flaw.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2015-8212

DLA-490-1

Produtos afetados

Bozohttpd

PT-2017-7358 · Netbsd · Bozohttpd

CVE-2015-8212

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8