CVE-2008-7313
CRITICAL severity · CVSS 9.8 · Command injection
9.8CVSS CRITICAL
Summary
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges requiredNone
User interactionNone
Confidentiality impactHigh
Integrity impactHigh
Availability impactHigh
Exploit probability (EPSS)5%
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Official patch: http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27 ↗
Additional information
- NVD record
- http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27Patch
- http://www.openwall.com/lists/oss-security/2014/07/09/11Patch
- http://www.openwall.com/lists/oss-security/2014/07/16/10Patch
- http://www.openwall.com/lists/oss-security/2014/07/18/2Patch
- https://bugzilla.redhat.com/show_bug.cgi?id=1121497Patch
- https://rhn.redhat.com/errata/RHSA-2017-0211.htmlPatch
- http://www.securityfocus.com/bid/68776Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94737Advisory