V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsDocs
Back to catalog
BDU:2017-02043
BDU
CriticalConfirmedExploit available

Уязвимость компонента XML-RPC веб-сервера Supervisor и операционных систем Fedora, Debian GNU/Linux связана с недостатками контроля доступа…

CVSS
9.0
Critical
EPSS
0.00
p0
Published
2017-01-01
Updated
2017-01-01
Description

Уязвимость компонента XML-RPC веб-сервера Supervisor и операционных систем Fedora, Debian GNU/Linux связана с недостатками контроля доступа. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольные команды при помощи специально сформированного XML-RPC запроса, связанного с вложенными запросами пространства имен супервизора

Affected products
Apache software foundation SubversionApache software foundation SubversionApache software foundation SubversionApache software foundation SubversionApache software foundation SubversionApache software foundation SubversionApache software foundation SubversionApache software foundation SubversionApache software foundation SubversionApache software foundation SubversionApache software foundation SubversionApache software foundation SubversionApache software foundation SubversionApache software foundation SubversionApache software foundation SubversionApache software foundation SubversionApache software foundation SubversionApache software foundation SubversionApache software foundation SubversionApache software foundation Subversion
CVSS vector
AV:N/AC:L/Au:S/C:C/I:C/A:C
Timeline
2017-01-01
Published
2017-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Authentication
Au: S
Single
Confidentiality Impact
C: C
Complete
Integrity Impact
I: C
Complete
Availability Impact
A: C
Complete
Exploit indicators
EPSS
0.000 · p0
Known exploited (KEV)
No
Known exploits — Сканер-ВС
42779
exploitdb · https://www.exploit-db.com/exploits/42779
Enterprise
CVE-2017-11610
github-poc · https://github.com/Dungsocool/CVE-2017-11610
Enterprise
Affected software
ProductVendorStatus
subversionapache software foundationTracked
subversionapache software foundationTracked
subversionapache software foundationTracked
subversionapache software foundationTracked
subversionapache software foundationTracked
subversionapache software foundationTracked
subversionapache software foundationTracked
subversionapache software foundationTracked
subversionapache software foundationTracked
subversionapache software foundationTracked
subversionapache software foundationTracked
subversionapache software foundationTracked
subversionapache software foundationTracked
subversionapache software foundationTracked
subversionapache software foundationTracked
subversionapache software foundationTracked
subversionapache software foundationTracked
subversionapache software foundationTracked
subversionapache software foundationTracked
subversionapache software foundationTracked
Source databases
BDU
Related vulnerabilities
CVE-2017-11610
External references
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11610@https://lists.fedoraproject.org/archives/list/package-announce@https://lists.fedoraproject.org/archives/list/package-announce@https://lists.fedoraproject.org/archives/list/package-announce@http://www.debian.org/security/dsa-3942/@http://www.debian.org/security/2017/dsa-3942@https://github.com/Supervisor/supervisor/blob/3.0.1/CHANGES.txt@https://github.com/Supervisor/supervisor/blob/3.1.4/CHANGES.txt@https://github.com/Supervisor/supervisor/blob/3.2.4/CHANGES.txt@https://github.com/Supervisor/supervisor/blob/3.3.3/CHANGES.txt@https://github.com/Supervisor/supervisor/issues/964@https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMSCGMM477N64Z3BM34RWYBGSLK466B/@https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTPDZV4ZRICDYAYZVUHSYZAYDLRMG2IM/@https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXGWOJNSWWK2TTWQJZJUP66FLFIWDMBQ/@https://www.exploit-db.com/exploits/42779/