Lucene search

[email protected]NVD:CVE-2017-17562

HistoryDec 12, 2017 - 7:29 p.m.

CVE-2017-17562

2017-12-1219:29:00

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.974

Percentile

100.0%

JSON

Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0.

Affected configurations

Nvd

Node

embedthisgoaheadRange<3.6.5

Node

oracleintegrated_lights_out_managerMatch3.0

oracleintegrated_lights_out_managerMatch4.0

VendorProductVersionCPE
embedthisgoahead*cpe:2.3:a:embedthis:goahead:*:*:*:*:*:*:*:*
oracleintegrated_lights_out_manager3.0cpe:2.3:a:oracle:integrated_lights_out_manager:3.0:*:*:*:*:*:*:*
oracleintegrated_lights_out_manager4.0cpe:2.3:a:oracle:integrated_lights_out_manager:4.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
embedthis	goahead	*	cpe:2.3:a:embedthis:goahead::::::::
oracle	integrated_lights_out_manager	3.0	cpe:2.3:a:oracle:integrated_lights_out_manager:3.0:::::::*
oracle	integrated_lights_out_manager	4.0	cpe:2.3:a:oracle:integrated_lights_out_manager:4.0:::::::*