vendor: Secure Global Desktop & Oracle Global desktop
by: lastc0de@outlook.com
CVSS: 9.3 (HIGH)
ShellShock
CWE: 78
Product Name: Secure Global Desktop & Oracle Global desktop
Affected Version From: 4.61.915
Affected Version To: 4.61.915
Patch Exists: YES
Related CWE: N/A
CPE: a:sun:secure_global_desktop
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2016
ShellShock On Sun Secure Global Desktop & Oracle Global desktop
A vulnerability exists in Sun Secure Global Desktop & Oracle Global desktop because the 'modules.cgi' script does not properly sanitize user-supplied input to the 'module' parameter. An attacker can exploit it by sending a specially crafted HTTP request containing shell metacharacters to the vulnerable script, which allows execution of arbitrary commands on the vulnerable system with the privileges of the web server.
Mitigation:
Upgrade to the latest version of Sun Secure Global Desktop & Oracle Global desktop.
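
For hosts that cannot be upgraded immediately, the request pattern described above can be hunted for in web server logs. The following is an added example, not part of the original advisory or any vendor tooling: it assumes the Apache/nginx "combined" log format, uses a placeholder URL path and constructed log lines, and treats the listed metacharacters as an assumed policy for what a module name should never contain.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
# Assumed policy: characters that have no place in a module name.
SHELL_META = re.compile(r'[;&|`$(){}<>\\\n\r]')
# Bash function-definition prefix seen in Shellshock-style header values.
FUNC_DEF = re.compile(r'\(\)\s*\{')

def inspect_line(line):
    """Return a list of findings for one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return []
    findings = []
    url = urlsplit(m.group("target"))
    if url.path.endswith("/modules.cgi"):
        # parse_qs percent-decodes, so %3B is seen as ';'
        for value in parse_qs(url.query, keep_blank_values=True).get("module", []):
            if SHELL_META.search(value):
                findings.append("shell metacharacter in 'module' parameter")
    for field in ("referer", "agent"):
        if FUNC_DEF.search(m.group(field)):
            findings.append(f"bash function definition in {field} header")
    return findings

def scan(lines):
    """Map 1-based line number -> findings, for lines that have any."""
    hits = {}
    for number, line in enumerate(lines, start=1):
        found = inspect_line(line)
        if found:
            hits[number] = found
    return hits

# Constructed sample log lines; /EXAMPLE-PATH/ is a placeholder, not the product's real path.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2016:10:00:00 +0000] "GET /EXAMPLE-PATH/modules.cgi?module=status HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [01/Jan/2016:10:00:05 +0000] "GET /EXAMPLE-PATH/modules.cgi?module=status%3Bid HTTP/1.1" 200 87 "-" "curl/7.40"',
    '192.0.2.12 - - [01/Jan/2016:10:00:09 +0000] "GET /EXAMPLE-PATH/modules.cgi HTTP/1.1" 200 87 "-" "() { :; }; echo probe"',
]

if __name__ == "__main__":
    for number, found in scan(SAMPLE).items():
        print(number, found)
```

Access logs normally record only the request line, Referer and User-Agent, so payloads carried in other headers or in a POST body need WAF or packet-level inspection instead.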