CVE-2012-5646

EPSS 0.93%
Veröffentlicht 24.02.2013 21:55:00
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Openshift Version1.0 Update- Editionenterprise

Redhat ≫ Openshift Origin Version <= 1.0.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.93%	0.741

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://rhn.redhat.com/errata/RHSA-2013-0148.html

Vendor Advisory

http://www.osvdb.org/89431

http://www.securityfocus.com/bid/57189

https://bugzilla.redhat.com/show_bug.cgi?id=888518

https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00

https://github.com/openshift/origin-server/pull/1017

https://nvd.nist.gov/vuln/detail/CVE-2012-5646

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-5646

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-5646

EUVD