7.5

CVE-2012-5646

node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatOpenshift Version1.0 Update- Editionenterprise
RedhatOpenshift Origin Version <= 1.0.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.2% 0.803
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://rhn.redhat.com/errata/RHSA-2013-0148.html
Vendor Advisory
http://www.osvdb.org/89431
http://www.securityfocus.com/bid/57189
https://bugzilla.redhat.com/show_bug.cgi?id=888518
https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00
https://github.com/openshift/origin-server/pull/1017