CVE-2014-0007

Published: Jun 20, 2014Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file.

Affected (6)

Products: Theforeman: Foreman

Theforeman

1 product

Foreman

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Theforeman Foreman	Up to 1.4.4
Theforeman Foreman	Version 1.4.0
Theforeman Foreman	Version 1.4.1
Theforeman Foreman	Version 1.4.2
Theforeman Foreman	Version 1.4.3
Theforeman Foreman	Version 1.5.0

References (4)

http://projects.theforeman.org/issues/6086

Source: secalert@redhat.com

Patch

http://rhn.redhat.com/errata/RHSA-2014-0770.html

Source: secalert@redhat.com

http://projects.theforeman.org/issues/6086

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://rhn.redhat.com/errata/RHSA-2014-0770.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.