Executive Summary

Informations
Name CVE-2014-3496 First vendor Publication 2014-06-20
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3496

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-94 Failure to Control Generation of Code ('Code Injection')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 10
Application 3

Sources (Detail)

http://rhn.redhat.com/errata/RHSA-2014-0762.html
http://rhn.redhat.com/errata/RHSA-2014-0763.html
http://rhn.redhat.com/errata/RHSA-2014-0764.html
http://secunia.com/advisories/59298
https://bugzilla.redhat.com/show_bug.cgi?id=1110470
https://github.com/openshift/origin-server/pull/5521
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
Date Informations
2024-11-28 12:40:53
  • Multiple Updates
2023-02-13 05:28:20
  • Multiple Updates
2023-02-03 00:28:34
  • Multiple Updates
2021-05-04 12:32:19
  • Multiple Updates
2021-04-22 01:39:24
  • Multiple Updates
2020-05-23 00:41:04
  • Multiple Updates
2017-01-07 09:25:35
  • Multiple Updates
2014-06-23 21:22:30
  • Multiple Updates
2014-06-20 21:27:31
  • First insertion