CVE-2010-0418

Published Mar 10, 2010

Last updated a month ago

CVSS info 10.0

Overview

Description: The web interface in chumby one before 1.0.4 and chumby classic before 1.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a request.
Source: secalert@redhat.com
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-78

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:chumby:chumby_one:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF26EF3E-E017-41C6-A112-B10C61AFE3DE",
            "versionEndIncluding": "1.0.3"
          },
          {
            "criteria": "cpe:2.3:h:chumby:chumby_one:1.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4836FAB8-3BDE-4A01-9522-5D54880466AD"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:chumby:chumby_classic:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECD144DE-209E-443C-B38E-AE82E1DBD9B8",
            "versionEndIncluding": "1.7.1"
          },
          {
            "criteria": "cpe:2.3:h:chumby:chumby_classic:0.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0188FDD0-D6A0-4C27-9161-D9728FB1FAD0"
          },
          {
            "criteria": "cpe:2.3:h:chumby:chumby_classic:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6923B49-66EA-4D09-BB19-CE49A63BB555"
          },
          {
            "criteria": "cpe:2.3:h:chumby:chumby_classic:1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B31FE94-420C-4106-8E7A-3204C21D7166"
          },
          {
            "criteria": "cpe:2.3:h:chumby:chumby_classic:1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "137F3196-529E-4A58-A98D-E2296F6881C4"
          },
          {
            "criteria": "cpe:2.3:h:chumby:chumby_classic:1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F8591A5-15B5-44AD-BB5D-16D8FB89EADF"
          },
          {
            "criteria": "cpe:2.3:h:chumby:chumby_classic:1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7105C0F0-D9FD-41B5-93E4-AB98B19AA606"
          },
          {
            "criteria": "cpe:2.3:h:chumby:chumby_classic:1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3785F22-4D82-4E95-927B-0BD2E42EABEA"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References