CVE-2012-5646

EPSS 0.93%
Published 24.02.2013 21:55:00
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO.

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Openshift Version1.0 Update- Editionenterprise

Redhat ≫ Openshift Origin Version <= 1.0.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.93%	0.741

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://rhn.redhat.com/errata/RHSA-2013-0148.html

Vendor Advisory

http://www.osvdb.org/89431

http://www.securityfocus.com/bid/57189

https://bugzilla.redhat.com/show_bug.cgi?id=888518

https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00

https://github.com/openshift/origin-server/pull/1017

https://nvd.nist.gov/vuln/detail/CVE-2012-5646

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-5646

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-5646

EUVD