Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name CVE-2008-4796 First vendor Publication 2008-10-30
Vendor Cve Last vendor Modification 2021-09-30

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4796

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-6 Argument Injection
CAPEC-15 Command Delimiters
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-88 OS Command Injection
CAPEC-108 Command Line Execution through SQL Injection

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-78 Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 84
Application 168
Os 2

OpenVAS Exploits

Date Description
2009-12-14 Name : Fedora Core 10 FEDORA-2009-13040 (moodle)
File : nvt/fcore_2009_13040.nasl
2009-09-02 Name : Debian Security Advisory DSA 1871-1 (wordpress)
File : nvt/deb_1871_1.nasl
2009-09-02 Name : Debian Security Advisory DSA 1871-2 (wordpress)
File : nvt/deb_1871_2.nasl
2009-06-30 Name : Ubuntu USN-791-1 (moodle)
File : nvt/ubuntu_791_1.nasl
2009-06-05 Name : Ubuntu USN-698-1 (nagios)
File : nvt/ubuntu_698_1.nasl
2009-04-06 Name : Fedora Core 10 FEDORA-2009-3280 (moodle)
File : nvt/fcore_2009_3280.nasl
2009-04-06 Name : Fedora Core 9 FEDORA-2009-3283 (moodle)
File : nvt/fcore_2009_3283.nasl
2009-02-18 Name : Fedora Core 10 FEDORA-2009-1699 (moodle)
File : nvt/fcore_2009_1699.nasl
2009-02-17 Name : Fedora Update for moodle FEDORA-2008-9903
File : nvt/gb_fedora_2008_9903_moodle_fc10.nasl
2009-02-17 Name : Fedora Update for wordpress FEDORA-2008-9257
File : nvt/gb_fedora_2008_9257_wordpress_fc9.nasl
2009-02-17 Name : Fedora Update for wordpress FEDORA-2008-9304
File : nvt/gb_fedora_2008_9304_wordpress_fc8.nasl
2009-02-17 Name : Fedora Update for moodle FEDORA-2008-9502
File : nvt/gb_fedora_2008_9502_moodle_fc8.nasl
2009-02-17 Name : Fedora Update for moodle FEDORA-2008-9508
File : nvt/gb_fedora_2008_9508_moodle_fc9.nasl
2009-02-13 Name : Fedora Core 9 FEDORA-2009-1641 (moodle)
File : nvt/fcore_2009_1641.nasl
2009-02-13 Name : Fedora Update for moodle FEDORA-2008-11550
File : nvt/gb_fedora_2008_11550_moodle_fc10.nasl
2009-02-13 Name : Fedora Update for moodle FEDORA-2008-11577
File : nvt/gb_fedora_2008_11577_moodle_fc9.nasl
2009-01-26 Name : Fedora Core 9 FEDORA-2009-0814 (moodle)
File : nvt/fcore_2009_0814.nasl
2009-01-26 Name : Fedora Core 10 FEDORA-2009-0819 (moodle)
File : nvt/fcore_2009_0819.nasl
2008-12-29 Name : Ubuntu USN-698-2 (nagios3)
File : nvt/ubuntu_698_2.nasl
2008-12-29 Name : Ubuntu USN-699-1 (blender)
File : nvt/ubuntu_699_1.nasl
2008-12-29 Name : Debian Security Advisory DSA 1691-1 (moodle)
File : nvt/deb_1691_1.nasl
2008-11-01 Name : FreeBSD Ports: wordpress, de-wordpress, wordpress-mu
File : nvt/freebsd_wordpress8.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
49261 Snoopy _httpsrequest() Function Arbitrary Shell Command Injection

Nessus® Vulnerability Scanner

Date Description
2017-10-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2017-899.nasl - Type : ACT_GATHER_INFO
2017-02-21 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201702-26.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1871.nasl - Type : ACT_GATHER_INFO
2009-06-25 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-791-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2008-9903.nasl - Type : ACT_GATHER_INFO
2008-12-22 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1691.nasl - Type : ACT_GATHER_INFO
2008-11-09 Name : The remote Fedora host is missing a security update.
File : fedora_2008-9502.nasl - Type : ACT_GATHER_INFO
2008-11-09 Name : The remote Fedora host is missing a security update.
File : fedora_2008-9508.nasl - Type : ACT_GATHER_INFO
2008-11-07 Name : The remote Fedora host is missing a security update.
File : fedora_2008-9257.nasl - Type : ACT_GATHER_INFO
2008-11-07 Name : The remote Fedora host is missing a security update.
File : fedora_2008-9304.nasl - Type : ACT_GATHER_INFO
2008-10-27 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_3a4a3e9ca1fe11dd81be001c2514716c.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/31887
BUGTRAQ http://www.securityfocus.com/archive/1/496068/100/0/threaded
CONFIRM http://sourceforge.net/forum/forum.php?forum_id=879959
https://www.nagios.org/projects/nagios-core/history/4x/
DEBIAN http://www.debian.org/security/2008/dsa-1691
http://www.debian.org/security/2009/dsa-1871
GENTOO https://security.gentoo.org/glsa/201702-26
JVN http://jvn.jp/en/jp/JVN20502807/index.html
JVNDB http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000074.html
MLIST http://www.openwall.com/lists/oss-security/2008/11/01/1
SECUNIA http://secunia.com/advisories/32361
VUPEN http://www.vupen.com/english/advisories/2008/2901
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/46068

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
Date Informations
2022-10-11 12:07:49
  • Multiple Updates
2022-10-11 01:02:31
  • Multiple Updates
2021-09-30 21:23:48
  • Multiple Updates
2021-05-04 12:08:16
  • Multiple Updates
2021-04-22 01:08:37
  • Multiple Updates
2020-05-23 00:22:28
  • Multiple Updates
2018-10-12 00:20:29
  • Multiple Updates
2017-10-05 13:24:46
  • Multiple Updates
2017-08-08 09:24:28
  • Multiple Updates
2017-07-01 09:23:09
  • Multiple Updates
2017-02-22 13:21:09
  • Multiple Updates
2016-12-20 09:24:43
  • Multiple Updates
2016-04-26 17:58:03
  • Multiple Updates
2014-02-17 10:47:04
  • Multiple Updates
2013-05-11 00:29:20
  • Multiple Updates