[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

[3.7] supervisor: Command injection via malicious XML-RPC request (CVE-2017-11610)

ID: oval:org.secpod.oval:def:1800564Date: (C)2018-03-29   (M)2023-11-13
Class: PATCHFamily: unix




A vulnerability has been found where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root. Affected Versions¶ This vulnerability has existed in all versions of Supervisor since 3.0a1 . Fixed in:¶ Supervisor 3.3.3, Supervisor 3.2.4, Superivsor 3.1.4

Platform:
Alpine Linux 3.7
Product:
supervisor
Reference:
7685
CVE-2017-11610
CVE    1
CVE-2017-11610
CPE    2
cpe:/o:alpinelinux:alpine_linux:3.7
cpe:/a:supervisord:supervisor

© SecPod Technologies