Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:15BD4D634395BF2DE95F05949241B145
HistoryJul 14, 2014 - 12:00 a.m.

GitList blame resource command injection

2014-07-1400:00:00
SAINT Corporation
my.saintcorporation.com
21

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.958

Percentile

99.5%

JSON

Added: 07/14/2014
CVE: CVE-2014-4511
BID: 68253
OSVDB: 108504

Background

GitList is a web-based git repository viewer.

Problem

A vulnerability in GitList allows remote attackers to execute arbitrary commands by sending a specially crafted request for the **blame** resource.

Resolution

Upgrade to GitList 0.5.0 or higher.

References

<http://hatriot.github.io/blog/2014/06/29/gitlist-rce/&gt;

Limitations

The URL path to a gitlist repository must be known.

Platforms

Linux

Related

openvas 1
cvelist 1
packetstorm 2
exploitpack 2
saint 3
checkpoint_advisories 1
seebug 2
zdt 2
prion 1
cve 1
metasploit 1
nvd 1
exploitdb 2
openvas
openvas
Gitlist RCE Vulnerability
2014-06-30 00:00:00
cvelist
cvelist
CVE-2014-4511
2014-07-22 14:00:00
packetstorm
packetstorm
Gitlist 0.4.0 Remote Code Execution
2014-06-30 00:00:00
Gitlist Unauthenticated Remote Command Execution
2014-07-06 00:00:00
exploitpack
exploitpack
Gitlist-0.4.0
2015-01-04 16:46:27
Gitlist 0.4.0 - Remote Code Execution
2014-06-30 00:00:00
saint
saint
GitList blame resource command injection
2014-07-14 00:00:00
GitList blame resource command injection
2014-07-14 00:00:00
GitList blame resource command injection
2014-07-14 00:00:00
checkpoint_advisories
checkpoint_advisories
GitList URL Remote Code Execution (CVE-2014-4511)
2014-10-06 00:00:00
seebug
seebug
Gitlist Unauthenticated Remote Command Execution
2014-07-08 00:00:00
Gitlist <= 0.4.0 - Remote Code Execution
2014-07-01 00:00:00
zdt
zdt
Gitlist Unauthenticated Remote Command Execution Exploit
2014-07-06 00:00:00
Gitlist <= 0.4.0 - Remote Code Execution Exploit
2014-06-30 00:00:00
prion
prion
Design/Logic Flaw
2014-07-22 14:55:00
cve
cve
CVE-2014-4511
2014-07-22 14:55:09
metasploit
metasploit
Gitlist Unauthenticated Remote Command Execution
2014-07-01 01:10:24
nvd
nvd
CVE-2014-4511
2014-07-22 14:55:09
exploitdb
exploitdb
Gitlist - Remote Command Execution (Metasploit)
2014-07-07 00:00:00
Gitlist 0.4.0 - Remote Code Execution
2014-06-30 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.958

Percentile

99.5%

JSON
Related for SAINT:15BD4D634395BF2DE95F05949241B145
openvas1cvelist1packetstorm2exploitpack2saint3checkpoint_advisories1seebug2zdt2prion1cve1metasploit1nvd1exploitdb2