CVE-2009-0545

Published Feb 12, 2009

Last updated 6 years ago

CVSS info 10.0

Overview

Description: cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:zeroshell:zeroshell:1.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C7B176B-F51B-408F-B2A4-7E8E5BE5EC90"
          },
          {
            "criteria": "cpe:2.3:a:zeroshell:zeroshell:1.0:beta10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3B0BACE-C7A5-4682-AF8D-831695AAB59A"
          },
          {
            "criteria": "cpe:2.3:a:zeroshell:zeroshell:1.0:beta11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD769FAD-12CE-4BFD-BF00-6E9CD9543DFE"
          },
          {
            "criteria": "cpe:2.3:a:zeroshell:zeroshell:1.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "687172D7-8322-435B-9DD2-93C4B06D89D6"
          },
          {
            "criteria": "cpe:2.3:a:zeroshell:zeroshell:1.0:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15488672-B1D0-41CC-8A4D-5EDC8BC94818"
          },
          {
            "criteria": "cpe:2.3:a:zeroshell:zeroshell:1.0:beta4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B9F5A68-47C4-404D-9FFC-45EF70D3A4E1"
          },
          {
            "criteria": "cpe:2.3:a:zeroshell:zeroshell:1.0:beta5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A57C0323-FBBF-4C7B-92C9-613594FC5726"
          },
          {
            "criteria": "cpe:2.3:a:zeroshell:zeroshell:1.0:beta6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE92FEE0-E89D-481F-A818-529FF6BF1AB9"
          },
          {
            "criteria": "cpe:2.3:a:zeroshell:zeroshell:1.0:beta7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3889F21-107B-4256-9329-EF327BBBED26"
          },
          {
            "criteria": "cpe:2.3:a:zeroshell:zeroshell:1.0:beta8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F56A258-4F0F-4335-94B2-893448B3F254"
          },
          {
            "criteria": "cpe:2.3:a:zeroshell:zeroshell:1.0:beta9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "176A49E5-D367-4581-9D60-DD304FE38FBC"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References