Vulnerability BDU:2017-02043 - Russian Vulnerability Scanner Database

Scores

EPSS

0.000none0.0%

0%20%40%60%80%100%

Percentile: 0.0%

CVSS

9.0critical2.0

0246810

CVSS Score: 9.0/10

All CVSS Scores

CVSS 2.0

9.0

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Description

Уязвимость компонента XML-RPC веб-сервера Supervisor и операционных систем Fedora, Debian GNU/Linux связана с недостатками контроля доступа. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольные команды при помощи специально сформированного XML-RPC запроса, связанного с вложенными запросами пространства имен супервизора

Sources

bdu

Related Vulnerabilities

CVE-2017-11610

Exploits

Exploit ID: 42779

Source: exploitdb

URL: https://www.exploit-db.com/exploits/42779

Exploit ID: CVE-2017-11610

Source: github-poc

URL: https://github.com/yaunsky/CVE-2017-11610

Reference Links

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11610

https://lists.fedoraproject.org/archives/list/package-announce

http://www.debian.org/security/dsa-3942/

http://www.debian.org/security/2017/dsa-3942

https://github.com/Supervisor/supervisor/blob/3.0.1/CHANGES.txt

https://github.com/Supervisor/supervisor/blob/3.1.4/CHANGES.txt

https://github.com/Supervisor/supervisor/blob/3.2.4/CHANGES.txt

https://github.com/Supervisor/supervisor/blob/3.3.3/CHANGES.txt

https://github.com/Supervisor/supervisor/issues/964

https://lists.fedoraproject.org/archives/list/package-announce

lists.fedoraproject.org/message/4GMSCGMM477N64Z3BM34RWYBGSLK466B/

https://lists.fedoraproject.org/archives/list/package-announce

lists.fedoraproject.org/message/DTPDZV4ZRICDYAYZVUHSYZAYDLRMG2IM/

https://lists.fedoraproject.org/archives/list/package-announce

lists.fedoraproject.org/message/JXGWOJNSWWK2TTWQJZJUP66FLFIWDMBQ/

Recommendations

Source: bdu

Использование рекомендаций:
http://www.debian.org/security/2017/dsa-3942
https://github.com/Supervisor/supervisor/issues/964
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMSCGMM477N64Z3BM34RWYBGSLK466B/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTPDZV4ZRICDYAYZVUHSYZAYDLRMG2IM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXGWOJNSWWK2TTWQJZJUP66FLFIWDMBQ/

URL: https://bdu.fstec.ru/vul/2017-02043

Vulnerable Software (60)

Type: Configuration

Vendor: apache software foundation

Product: subversion

Operating System: fedora 24

Trait:

{  "version_exact": "3.2.2"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: subversion

Operating System: fedora 24

Trait:

{  "version_exact": "3.2.3"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: subversion

Operating System: fedora 24

Trait:

{  "version_exact": "3.3.0"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: subversion

Operating System: fedora 24

Trait:

{  "version_exact": "3.1.0"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: subversion

Operating System: fedora 24

Trait:

{  "version_exact": "3.1.1"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: subversion

Operating System: fedora 24

Trait:

{  "version_exact": "3.1.3"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: subversion

Operating System: fedora 24

Trait:

{  "version_exact": "3.2.0"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: subversion

Operating System: fedora 24

Trait:

{  "version_exact": "3.2.1"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: subversion

Operating System: fedora 24

Trait:

{  "version_exact": "3.3.1"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: subversion

Operating System: fedora 24

Trait:

{  "version_exact": "3.3.2"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: subversion

Operating System: fedora 24

Trait:

{  "version_exact": "3.1.2"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: subversion

Operating System: fedora 24

Trait:

{  "version_end_including": "3.0"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: subversion

Operating System: fedora 25

Trait:

{  "version_exact": "3.2.2"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: subversion

Operating System: fedora 25

Trait:

{  "version_exact": "3.2.3"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: subversion

Operating System: fedora 25

Trait:

{  "version_exact": "3.3.0"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: subversion

Operating System: fedora 25

Trait:

{  "version_exact": "3.1.0"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: subversion

Operating System: fedora 25

Trait:

{  "version_exact": "3.1.1"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: subversion

Operating System: fedora 25

Trait:

{  "version_exact": "3.1.3"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: subversion

Operating System: fedora 25

Trait:

{  "version_exact": "3.2.0"}

Source: bdu

Type: Configuration

Vendor: apache software foundation

Product: subversion

Operating System: fedora 25

Trait:

{  "version_exact": "3.2.1"}

Source: bdu

Russian Vulnerability Scanner Database

BDU:2017-02043

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

Related Vulnerabilities

Exploits

Reference Links

Recommendations

Vulnerable Software (60)