Lucene search

K

PRIOn knowledge basePRION:CVE-2014-8517

HistoryNov 17, 2014 - 4:59 p.m.

Open redirect

2014-11-1716:59:00

PRIOn knowledge base

www.prio-n.com

6

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.959 High

EPSS

Percentile

99.4%

The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.

CPENameOperatorVersion
mac_os_xeq10.10.0
mac_os_xeq10.10.1
mac_os_xeq10.9.5
mac_os_xeq10.8.5
netbsdeq6.1.1
netbsdeq5.2.2
netbsdeq5.1
netbsdeq6.1.3
netbsdeq6.0
netbsdeq6.1.4

Rows per page:

1-10 of 251

References

ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-013.txt.asc

lists.apple.com/archives/security-announce/2015/Jan/msg00003.html

lists.opensuse.org/opensuse-updates/2014-11/msg00029.html

seclists.org/oss-sec/2014/q4/459

seclists.org/oss-sec/2014/q4/464

secunia.com/advisories/62028

secunia.com/advisories/62260

support.apple.com/HT204244

security.gentoo.org/glsa/201611-05

www.exploit-db.com/exploits/43112/

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.959 High

EPSS

Percentile

99.4%

Related for PRION:CVE-2014-8517

ubuntucve1 zdt3 checkpoint_advisories1 fedora1 nessus6 archlinux1 packetstorm1 cvelist1 openvas1 freebsd1 securityvulns4 exploitpack1 gentoo1 cve1 freebsd_advisory1 debiancve1 exploitdb1