Lucene search

[email protected]CVE-2008-6556

HistoryMar 30, 2009 - 8:30 p.m.

CVE-2008-6556

2009-03-3020:30:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2008-6556

web security

remote code execution

puppet master webutil 2.3

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

82.2%

JSON

cgi-bin/webutil.pl in The Puppet Master WebUtil 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the whois command.

Affected configurations

NVD

Node

puppet_masterwebutilMatch2.3

CPENameOperatorVersion
puppet_master:webutilpuppet master webutileq2.3

CPE	Name	Operator	Version
puppet_master:webutil	puppet master webutil	eq	2.3

References

osvdb.org/51181

www.securityfocus.com/archive/1/489961/100/0/threaded

www.securityfocus.com/bid/28393

exchange.xforce.ibmcloud.com/vulnerabilities/41400

exchange.xforce.ibmcloud.com/vulnerabilities/49820

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

82.2%

JSON

Related for CVE-2008-6556

prion1 cvelist1 nvd1