CVE-2003-0084

Sažetak

mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters.

Reference

http://rhn.redhat.com/errata/RHSA-2003-114.html
http://www.ciac.org/ciac/bulletins/n-090.shtml
http://www.itlab.musc.edu/webNIS/mod_auth_any.html
http://www.redhat.com/support/errata/RHSA-2003-113.html
http://www.securityfocus.com/bid/7448
https://exchange.xforce.ibmcloud.com/vulnerabilities/11893

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

11-07-2017 - 01:29

Objavljeno

12-05-2003 - 04:00