|
|
|||
| Rule General Information |
|---|
| Release Date: | 2020-05-25 | |
| Rule Name: | Supervisor XML-RPC Authenticated Remote Code Execution Vulnerability (CVE-2017-11610) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux,Other Unix, Others | |
| Reference: | ExploitDB:42779 http://www.debian.org/security/2017/dsa-3942 https://access.redhat.com/errata/RHSA-2017:3005 https://github.com/Supervisor/supervisor/blob/3.0.1/CHANGES.txt |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://github.com/Supervisor/supervisor/issues/964 |