Executive Summary

This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration.
Information

Name: CVE-2017-9462
First vendor publication: 2017-06-06
Vendor: Cve
Last vendor modification: 2019-10-02

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Base Score: 9 | Attack Range: Network
CVSS Impact Score: 10 | Attack Complexity: Low
CVSS Exploit Score: 8 | Authentication: Requires single instance

Security Protection

Impacts: Provides administrator access: Allows complete confidentiality, integrity, and availability violation; allows unauthorized disclosure of information; allows disruption of service.

Detail

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9462

CWE : Common Weakness Enumeration

% | Id | Name
100 % | CWE-732 | Incorrect Permission Assignment for Critical Resource (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type | Description | Count
Application | | 131
Os | | 2
Os | | 2
Os | | 2
Os | | 3
Os | | 4
Os | | 2
Os | | 2

Metasploit Database

Id | Description
2017-04-18 | Mercurial Custom hg-ssh Wrapper Remote Code Exec

Nessus® Vulnerability Scanner

Date | Description
2017-09-25 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201709-18.nasl - Type: ACT_GATHER_INFO
2017-09-05 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3963.nasl - Type: ACT_GATHER_INFO
2017-08-14 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2017-1132.nasl - Type: ACT_GATHER_INFO
2017-08-14 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2017-1133.nasl - Type: ACT_GATHER_INFO
2017-07-13 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZLSA-2017-1576.nasl - Type: ACT_GATHER_INFO
2017-06-29 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2017-1576.nasl - Type: ACT_GATHER_INFO

Sources (Detail)

Source | Url
BID | http://www.securityfocus.com/bid/99123
CONFIRM | https://bugs.debian.org/861243
CONFIRM | https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499
CONFIRM | https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29
DEBIAN | http://www.debian.org/security/2017/dsa-3963
GENTOO | https://security.gentoo.org/glsa/201709-18
MLIST | https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html
REDHAT | https://access.redhat.com/errata/RHSA-2017:1576

Alert History

Date | Information
2019-10-03 09:20:39
  • Multiple Updates
2019-05-01 12:09:02
  • Multiple Updates
2019-03-14 21:19:45
  • Multiple Updates
2018-07-09 05:18:01
  • Multiple Updates
2018-04-16 01:04:53
  • Multiple Updates
2018-01-05 09:24:26
  • Multiple Updates
2017-11-06 09:22:46
  • Multiple Updates
2017-10-14 12:03:15
  • Multiple Updates
2017-09-26 13:24:57
  • Multiple Updates
2017-09-26 09:24:09
  • Multiple Updates
2017-09-06 13:25:19
  • Multiple Updates
2017-08-15 13:24:52
  • Multiple Updates
2017-07-14 13:24:51
  • Multiple Updates
2017-07-08 13:24:44
  • Multiple Updates
2017-07-01 13:24:15
  • Multiple Updates
2017-06-30 13:24:09
  • Multiple Updates
2017-06-29 13:23:35
  • Multiple Updates
2017-06-28 13:23:48
  • Multiple Updates
2017-06-21 09:23:13
  • Multiple Updates
2017-06-17 13:23:43
  • Multiple Updates
2017-06-09 00:22:45
  • Multiple Updates
2017-06-08 17:23:22
  • Multiple Updates
2017-06-07 05:18:46
  • First insertion