Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2017-11610
HistoryAug 23, 2017 - 12:00 a.m.

CVE-2017-11610

2017-08-2300:00:00
ubuntu.com
ubuntu.com
20

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x
before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to
execute arbitrary commands via a crafted XML-RPC request, related to nested
supervisord namespace lookups.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchsupervisor< 3.0b2-1ubuntu0.1UNKNOWN
ubuntu16.04noarchsupervisor< 3.2.0-2ubuntu0.2UNKNOWN
ubuntu17.04noarchsupervisor< 3.3.1-1+deb9u1build0.17.04.1UNKNOWN

Related

packetstorm 1
nessus 7
debian 3
debiancve 1
github 1
prion 1
seebug 1
osv 5
veracode 2
fedora 3
cve 1
openvas 6
mageia 1
freebsd 1
gentoo 1
nuclei 1
zdt 1
redhatcve 1
metasploit 1
attackerkb 1
alpinelinux 1
redhat 1
exploitdb 1
threatpost 1
myhack58 1
packetstorm
packetstorm
Supervisor XML-RPC Authenticated Remote Code Execution
2017-09-25 00:00:00
nessus
nessus
Debian DSA-3942-1 : supervisor - security update
2017-08-14 00:00:00
Fedora 25 : supervisor (2017-85eb9f7a36)
2017-08-09 00:00:00
Fedora 26 : supervisor (2017-307eab89e1)
2017-08-08 00:00:00
debian
debian
[SECURITY] [DSA 3942-1] supervisor security update
2017-08-13 19:45:15
[SECURITY] [DLA 1047-1] supervisor security update
2017-07-31 12:59:48
[SECURITY] [DSA 3942-1] supervisor security update
2017-08-13 19:45:15
debiancve
debiancve
CVE-2017-11610
2017-08-23 14:29:00
github
github
Incorrect Default Permissions in Supervisor
2022-05-13 01:42:26
prion
prion
Cross site request forgery (csrf)
2017-08-23 14:29:00
seebug
seebug
Supervisor Authenticated Remote Code Execution(CVE-2017-11610)
2017-07-27 00:00:00
osv
osv
supervisor - security update
2017-07-31 00:00:00
PYSEC-2017-41
2017-08-23 14:29:00
Incorrect Default Permissions in Supervisor
2022-05-13 01:42:26
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 09:19:14
Remote Code Execution (RCE)
2017-07-24 22:39:07
fedora
fedora
[SECURITY] Fedora 24 Update: supervisor-3.1.4-1.fc24
2017-08-07 20:18:38
[SECURITY] Fedora 25 Update: supervisor-3.2.4-1.fc25
2017-08-07 21:23:15
[SECURITY] Fedora 26 Update: supervisor-3.3.3-1.fc26
2017-08-07 17:22:19
cve
cve
CVE-2017-11610
2017-08-23 14:29:00
openvas
openvas
Mageia: Security Advisory (MGASA-2017-0263)
2022-01-28 00:00:00
Debian: Security Advisory (DSA-3942-1)
2017-08-12 00:00:00
Debian: Security Advisory (DLA-1047-1)
2018-02-07 00:00:00
mageia
mageia
Updated supervisor packages fix security vulnerability
2017-08-13 16:17:41
freebsd
freebsd
Supervisord -- An authenticated client can run arbitrary shell commands via malicious XML-RPC requests
2017-07-24 00:00:00
gentoo
gentoo
Supervisor: command injection vulnerability
2017-09-17 00:00:00
nuclei
nuclei
XML-RPC Server - Remote Code Execution
2021-11-15 23:27:25
zdt
zdt
Supervisor XML-RPC Authenticated Remote Code Execution Exploit
2017-09-25 00:00:00
redhatcve
redhatcve
CVE-2017-11610
2017-07-28 07:19:44
metasploit
metasploit
Supervisor XML-RPC Authenticated Remote Code Execution
2017-08-30 02:10:46
attackerkb
attackerkb
CVE-2017-11610
2017-08-23 00:00:00
alpinelinux
alpinelinux
CVE-2017-11610
2017-08-23 14:29:00
redhat
redhat
(RHSA-2017:3005) Important: Red Hat CloudForms security, bug fix, and enhancement update
2017-10-24 00:00:47
exploitdb
exploitdb
Supervisor 3.0a1 &lt; 3.3.2 - XML-RPC (Authenticated) Remote Code Execution (Metasploit)
2017-09-25 00:00:00
threatpost
threatpost
Golang Cryptomining Worm Offers 15% Speed Boost
2021-08-06 20:41:40
myhack58
myhack58
Nexus Repository Manager 3 new vulnerability has been used in mining Trojan spread, users are advised to fix as soon as possible-vulnerability warning-the black bar safety net
2019-03-12 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON
Related for UB:CVE-2017-11610
packetstorm1nessus7debian3debiancve1github1prion1seebug1osv5veracode2fedora3cve1openvas6mageia1freebsd1gentoo1nuclei1zdt1redhatcve1metasploit1attackerkb1alpinelinux1redhat1exploitdb1threatpost1myhack581