CVE-2014-7178
critical
CVSS v3
—
CVSS v2
9.3
VIR risk
9.3
Description
Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — https://www.tuleap.org/recent-vulnerabilities
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| enalean | tuleap | <= 7.5.99.5 | 7.5.99.6 |
References
- http://seclists.org/fulldisclosure/2014/Oct/121
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7178/
- https://www.tuleap.org/recent-vulnerabilities
CWEs
CWE-20