Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-4663

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2013-4663
Last Modified 29 Dec 2014 11:32:29
Published 27 Dec 2014 07:59:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-4663

Summary

git_http_controller.rb in the redmine_git_hosting plugin for Redmine allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the service parameter to info/refs, related to the get_info_refs function or (2) the reqfile argument to the file_exists function.

Vulnerable Systems

Application

  • Redmine Git Hosting Plugin -


References

MISC - http://www.sec-1.com/blog/2013/redmine-git-hosting-plugin-remote-command-execution


Last Updated: 27 May 2016 11:07:22