Web application abuses : Exhibitor 1.0.9 <= 1.7.1 RCE Vulnerability

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.143181

Kategorie: Web application abuses

Titel: Exhibitor 1.0.9 <= 1.7.1 RCE Vulnerability

Zusammenfassung: Exhibitor is prone to a remote code execution vulnerability.

Beschreibung: Summary:
Exhibitor is prone to a remote code execution vulnerability.

Vulnerability Insight:
Arbitrary shell commands surrounded by backticks or $() can be inserted into
the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An attacker can execute any
command as the user running the Exhibitor process.

Affected Software/OS:
Exhibitor versions 1.0.9 - 1.7.1.

Solution:
No known solution was made available for at least one year since the disclosure
of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer
release, disable respective features, remove the product or replace the product by another one.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2019-5029
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0790

Copyright Copyright (C) 2019 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.143181
Kategorie:	Web application abuses
Titel:	Exhibitor 1.0.9 <= 1.7.1 RCE Vulnerability
Zusammenfassung:	Exhibitor is prone to a remote code execution vulnerability.
Beschreibung:	Summary: Exhibitor is prone to a remote code execution vulnerability. Vulnerability Insight: Arbitrary shell commands surrounded by backticks or $() can be inserted into the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An attacker can execute any command as the user running the Exhibitor process. Affected Software/OS: Exhibitor versions 1.0.9 - 1.7.1. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2019-5029 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0790
Copyright	Copyright (C) 2019 Greenbone Networks GmbH