Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS.
Information
Name: CVE-2008-4796 | First vendor Publication: 2008-10-30
Vendor: Cve | Last vendor Modification: 2018-10-11

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score: 10 | Attack Range: Network
Cvss Impact Score: 10 | Attack Complexity: Low
Cvss Exploit Score: 10 | Authentication: None Required

Detail

The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4796

CAPEC : Common Attack Pattern Enumeration & Classification

id | Name
CAPEC-6 | Argument Injection
CAPEC-15 | Command Delimiters
CAPEC-43 | Exploiting Multiple Input Interpretation Layers
CAPEC-88 | OS Command Injection
CAPEC-108 | Command Line Execution through SQL Injection

CWE : Common Weakness Enumeration

% | id | Name
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection')

CPE : Common Platform Enumeration

Type | Description | Count
Application | | 10

OpenVAS Exploits

Date | Description
2009-12-14 | Name : Fedora Core 10 FEDORA-2009-13040 (moodle)
           | File : nvt/fcore_2009_13040.nasl
2009-09-02 | Name : Debian Security Advisory DSA 1871-1 (wordpress)
           | File : nvt/deb_1871_1.nasl
2009-09-02 | Name : Debian Security Advisory DSA 1871-2 (wordpress)
           | File : nvt/deb_1871_2.nasl
2009-06-30 | Name : Ubuntu USN-791-1 (moodle)
           | File : nvt/ubuntu_791_1.nasl
2009-06-05 | Name : Ubuntu USN-698-1 (nagios)
           | File : nvt/ubuntu_698_1.nasl
2009-04-06 | Name : Fedora Core 10 FEDORA-2009-3280 (moodle)
           | File : nvt/fcore_2009_3280.nasl
2009-04-06 | Name : Fedora Core 9 FEDORA-2009-3283 (moodle)
           | File : nvt/fcore_2009_3283.nasl
2009-02-18 | Name : Fedora Core 10 FEDORA-2009-1699 (moodle)
           | File : nvt/fcore_2009_1699.nasl
2009-02-17 | Name : Fedora Update for wordpress FEDORA-2008-9257
           | File : nvt/gb_fedora_2008_9257_wordpress_fc9.nasl
2009-02-17 | Name : Fedora Update for wordpress FEDORA-2008-9304
           | File : nvt/gb_fedora_2008_9304_wordpress_fc8.nasl
2009-02-17 | Name : Fedora Update for moodle FEDORA-2008-9502
           | File : nvt/gb_fedora_2008_9502_moodle_fc8.nasl
2009-02-17 | Name : Fedora Update for moodle FEDORA-2008-9508
           | File : nvt/gb_fedora_2008_9508_moodle_fc9.nasl
2009-02-17 | Name : Fedora Update for moodle FEDORA-2008-9903
           | File : nvt/gb_fedora_2008_9903_moodle_fc10.nasl
2009-02-13 | Name : Fedora Update for moodle FEDORA-2008-11550
           | File : nvt/gb_fedora_2008_11550_moodle_fc10.nasl
2009-02-13 | Name : Fedora Update for moodle FEDORA-2008-11577
           | File : nvt/gb_fedora_2008_11577_moodle_fc9.nasl
2009-02-13 | Name : Fedora Core 9 FEDORA-2009-1641 (moodle)
           | File : nvt/fcore_2009_1641.nasl
2009-01-26 | Name : Fedora Core 9 FEDORA-2009-0814 (moodle)
           | File : nvt/fcore_2009_0814.nasl
2009-01-26 | Name : Fedora Core 10 FEDORA-2009-0819 (moodle)
           | File : nvt/fcore_2009_0819.nasl
2008-12-29 | Name : Ubuntu USN-698-2 (nagios3)
           | File : nvt/ubuntu_698_2.nasl
2008-12-29 | Name : Ubuntu USN-699-1 (blender)
           | File : nvt/ubuntu_699_1.nasl
2008-12-29 | Name : Debian Security Advisory DSA 1691-1 (moodle)
           | File : nvt/deb_1691_1.nasl
2008-11-01 | Name : FreeBSD Ports: wordpress, de-wordpress, wordpress-mu
           | File : nvt/freebsd_wordpress8.nasl

Open Source Vulnerability Database (OSVDB)

id | Description
49261 | Snoopy _httpsrequest() Function Arbitrary Shell Command Injection

Nessus® Vulnerability Scanner

Date | Description
2017-10-04 | Name : The remote Amazon Linux AMI host is missing a security update.
           | File : ala_ALAS-2017-899.nasl - Type : ACT_GATHER_INFO
2017-02-21 | Name : The remote Gentoo host is missing one or more security-related patches.
           | File : gentoo_GLSA-201702-26.nasl - Type : ACT_GATHER_INFO
2010-02-24 | Name : The remote Debian host is missing a security-related update.
           | File : debian_DSA-1871.nasl - Type : ACT_GATHER_INFO
2009-06-25 | Name : The remote Ubuntu host is missing a security-related patch.
           | File : ubuntu_USN-791-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 | Name : The remote Fedora host is missing a security update.
           | File : fedora_2008-9903.nasl - Type : ACT_GATHER_INFO
2008-12-22 | Name : The remote Debian host is missing a security-related update.
           | File : debian_DSA-1691.nasl - Type : ACT_GATHER_INFO
2008-11-09 | Name : The remote Fedora host is missing a security update.
           | File : fedora_2008-9502.nasl - Type : ACT_GATHER_INFO
2008-11-09 | Name : The remote Fedora host is missing a security update.
           | File : fedora_2008-9508.nasl - Type : ACT_GATHER_INFO
2008-11-07 | Name : The remote Fedora host is missing a security update.
           | File : fedora_2008-9257.nasl - Type : ACT_GATHER_INFO
2008-11-07 | Name : The remote Fedora host is missing a security update.
           | File : fedora_2008-9304.nasl - Type : ACT_GATHER_INFO
2008-10-27 | Name : The remote FreeBSD host is missing one or more security-related updates.
           | File : freebsd_pkg_3a4a3e9ca1fe11dd81be001c2514716c.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source | Url
BID | http://www.securityfocus.com/bid/31887
BUGTRAQ | http://www.securityfocus.com/archive/1/496068/100/0/threaded
CONFIRM | http://sourceforge.net/forum/forum.php?forum_id=879959
        | https://www.nagios.org/projects/nagios-core/history/4x/
DEBIAN | http://www.debian.org/security/2008/dsa-1691
       | http://www.debian.org/security/2009/dsa-1871
GENTOO | https://security.gentoo.org/glsa/201702-26
JVN | http://jvn.jp/en/jp/JVN20502807/index.html
JVNDB | http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000074.html
MLIST | http://www.openwall.com/lists/oss-security/2008/11/01/1
VUPEN | http://www.vupen.com/english/advisories/2008/2901
XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/46068

Alert History

Date | Information
2018-10-12 00:20:29
  • Multiple Updates
2017-10-05 13:24:46
  • Multiple Updates
2017-08-08 09:24:28
  • Multiple Updates
2017-07-01 09:23:09
  • Multiple Updates
2017-02-22 13:21:09
  • Multiple Updates
2016-12-20 09:24:43
  • Multiple Updates
2016-04-26 17:58:03
  • Multiple Updates
2014-02-17 10:47:04
  • Multiple Updates
2013-05-11 00:29:20
  • Multiple Updates