header-logo
Suggest Exploit
vendor:
BitKeeper
by:
Unknown
5.5
CVSS
MEDIUM
Input Validation
20
CWE
Product Name: BitKeeper
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:bitkeeper:bitkeeper
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

BitKeeper Input Validation Bug

BitKeeper is vulnerable to an input validation bug. When the software is run in daemon mode, it starts a service with an interface that can be connected to via HTTP. By sending specially crafted input to the service, it is possible to execute arbitrary commands.

Mitigation:

Unknown
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6588/info

It has been reported that BitKeeper is vulnerable to an input validation bug. When the software is run in daemon mode, it starts a service with an interface that can be connected to via HTTP. By sending specially crafted input to the service, it is possible to execute abitrary commands. 

http://www.example.com:port/diffs/foo.c@%27;echo%20%3Eiwashere%27?nav=index.html|src/|hist/foo.c

Navigation

Suggest Exploit

Services By CQR