5773 matches found
Fedora: Security Advisory for httpd (FEDORA-2023-f6ff3f85eb)
The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Ubuntu: Security Advisory (USN-4848-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2022-40220
An OS command injection vulnerability exists in the httpd txt/restore.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2022-38715
A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability...
Directory traversal
A directory traversal vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2022-40969
CVE-2022-40969 (Siretta QUARTZ-GOLD) is an OS command injection vulnerability in the httpd delfile.cgi file-management endpoint. Talos reports that the delfile.cgi handler accepts a parameter named _filename, appends it to a base folder path, and then executes rm -rf / via system(), with the filen...
CVE-2022-38459
A stack-based buffer overflow vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2022-38715
TALOS-2022-1610 confirms a leftover debug code vulnerability in Siretta QUARTZ-GOLD G5.0.1.5-210720-141020: an authenticated HTTP request to httpd shell.cgi can trigger arbitrary command execution due to a debug API that was not disabled in the AdvancedTomato-based web server. The CVE (CVE-2022-3...
CVE-2022-40220
Cisco Talos details CVE-2022-40220: OS command injection in Siretta QUARTZ-GOLD G5.0.1.5-210720-141020 via httpd txt/restore.cgi. The vulnerability arises when nvram key/value lines from the request body are parsed and fed to system() without validation, enabling arbitrary command execution. TALO...
PT-2023-13471 · Siretta · Siretta Quartz-Gold
Name of the Vulnerable Software and Affected Versions: Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020 Description: A stack-based buffer overflow issue exists in the httpd delfile.cgi functionality. This can be triggered by a specially-crafted HTTP request, potentially leading to remote code...
PT-2023-13894 · Siretta · Siretta Quartz-Gold
Name of the Vulnerable Software and Affected Versions: Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020 Description: A directory traversal issue exists in the httpd delfile.cgi functionality, allowing an attacker to send a specially-crafted HTTP request to delete arbitrary files. Recommendation...
PT-2023-13580 · Siretta · Siretta Quartz-Gold
Name of the Vulnerable Software and Affected Versions: Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020 Description: A command injection issue exists in the httpd SNMP functionality, allowing arbitrary command execution through a specially-crafted HTTP response. An attacker can trigger this iss...
PT-2023-13586 · Siretta · Siretta Quartz-Gold
Name of the Vulnerable Software and Affected Versions: Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020 Description: A directory traversal issue exists in the httpd downfile.cgi functionality, allowing an attacker to send a specially-crafted HTTP request to read arbitrary files. Recommendations...
FreshTomato httpd update.cgi directory traversal vulnerability
Talos Vulnerability Report TALOS-2022-1642 FreshTomato httpd update.cgi directory traversal vulnerability January 26, 2023 CVE Number CVE-2022-38451 SUMMARY A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can...
Siretta QUARTZ-GOLD httpd shell.cgi leftover debug code vulnerability
Talos Vulnerability Report TALOS-2022-1610 Siretta QUARTZ-GOLD httpd shell.cgi leftover debug code vulnerability January 26, 2023 CVE Number CVE-2022-38715 SUMMARY A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A...
Siretta QUARTZ-GOLD httpd SNMP OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1615 Siretta QUARTZ-GOLD httpd SNMP OS command injection vulnerability January 26, 2023 CVE Number CVE-2022-38066 SUMMARY An OS command injection vulnerability exists in the httpd SNMP functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A...
Siretta QUARTZ-GOLD httpd downfile.cgi stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1608 Siretta QUARTZ-GOLD httpd downfile.cgi stack-based buffer overflow vulnerability January 26, 2023 CVE Number CVE-2022-38459 SUMMARY A stack-based buffer overflow vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD...
Siretta QUARTZ-GOLD httpd downfile.cgi directory traversal vulnerability
Talos Vulnerability Report TALOS-2022-1609 Siretta QUARTZ-GOLD httpd downfile.cgi directory traversal vulnerability January 26, 2023 CVE Number CVE-2022-38088 SUMMARY A directory traversal vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. ...
FreshTomato httpd logs/view.cgi OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1641 FreshTomato httpd logs/view.cgi OS command injection vulnerability January 26, 2023 CVE Number CVE-2022-42484 SUMMARY An OS command injection vulnerability exists in the httpd logs/view.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP...