CVE-2022-44794 Object First has an issue where a remote attacker can execute arbitrary Bash code with root privileges. The command that sets the hostname doesn't validate input parameters.

An issue was discovered in Object First 1.0.7.712. The management protocol has a flaw that allows a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname doesn't validate input parameters. As a result, arbitrary data goes directly to the Bash interpreter. The vulnerability is triggered when a remote attacker sends a specially crafted HTTP request to the Object First server. An attacker would need credentials to exploit this vulnerability. This is fixed in 1.0.13.1611.
This vulnerability has been assigned CVE-2017-17652.

Object First 1.0.13.1611 – Apache Struts vulnerability fix

Fixes the CVE-2017-17652 vulnerability:
- The Apache Struts vulnerability in 1.0.7.712 was fixed and a new version was released.
