Vulnerabilities > CVE-2001-0808 - Unspecified vulnerability in Yngve Svendsen Gnatsweb

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

yngve-svendsen

critical

NVD

Published: 2001-12-06

Updated: 2017-12-19

Summary

gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers to execute arbitrary commands via certain characters in the help_file parameter.

Vulnerable Configurations

Part	Description	Count
Application	Yngve_Svendsen Yngve Svendsen Gnatsweb 2.7_Beta Yngve Svendsen Gnatsweb 2.8.0 Yngve Svendsen Gnatsweb 2.8.1 Yngve Svendsen Gnatsweb 3.95	4

References

http://archives.neohapsis.com/archives/bugtraq/2001-06/0365.html
http://sources.redhat.com/gnats/gnatsweb/advisory-jun-26-2001.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/6753