Vulnerabilities > CVE-2014-2888 - Unspecified vulnerability in Herry Sfpagent

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

herry

NVD

Published: 2014-04-23

Updated: 2014-05-10

Summary

lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request. Per: https://cwe.mitre.org/data/definitions/77.html "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"

Vulnerable Configurations

Part	Description	Count
Application	Herry Herry Sfpagent 0.0.1 Herry Sfpagent 0.1.0 Herry Sfpagent 0.1.1 Herry Sfpagent 0.1.2 Herry Sfpagent 0.1.3 Herry Sfpagent 0.1.4 Herry Sfpagent 0.1.5 Herry Sfpagent 0.1.6 Herry Sfpagent 0.1.7 Herry Sfpagent 0.1.8 Herry Sfpagent 0.1.9 Herry Sfpagent 0.1.10 Herry Sfpagent 0.1.11 Herry Sfpagent 0.1.12 Herry Sfpagent 0.1.13 Herry Sfpagent 0.1.14 Herry Sfpagent 0.2.0 Herry Sfpagent 0.2.1 Herry Sfpagent 0.2.2 Herry Sfpagent 0.2.3 Herry Sfpagent 0.2.4 Herry Sfpagent 0.2.5 Herry Sfpagent 0.2.6 Herry Sfpagent 0.2.7 Herry Sfpagent 0.2.8 Herry Sfpagent 0.2.9 Herry Sfpagent 0.2.10 Herry Sfpagent 0.3.0 Herry Sfpagent 0.3.1 Herry Sfpagent 0.3.2 Herry Sfpagent 0.3.3 Herry Sfpagent 0.3.4 Herry Sfpagent 0.3.5 Herry Sfpagent 0.3.6 Herry Sfpagent 0.3.7 Herry Sfpagent 0.3.8 Herry Sfpagent 0.3.9 Herry Sfpagent 0.3.10 Herry Sfpagent 0.4.0 Herry Sfpagent 0.4.1 Herry Sfpagent 0.4.2 Herry Sfpagent 0.4.3 Herry Sfpagent 0.4.4 Herry Sfpagent 0.4.5 Herry Sfpagent 0.4.6 Herry Sfpagent 0.4.7 Herry Sfpagent 0.4.8 Herry Sfpagent 0.4.9 Herry Sfpagent 0.4.10 Herry Sfpagent 0.4.11 Herry Sfpagent 0.4.12 Herry Sfpagent 0.4.13 Herry Sfpagent 0.4.14	53

Packetstorm

data source	https://packetstormsecurity.com/files/download/126223/rubysfpagent-exec.txt
id	PACKETSTORM:126223
last seen	2016-12-05
published	2014-04-18
reporter	Larry W. Cashdollar
source	https://packetstormsecurity.com/files/126223/Ruby-Gem-sfpagent-0.4.14-Command-Injection.html
title	Ruby Gem sfpagent 0.4.14 Command Injection

Summary

Vulnerable Configurations

Packetstorm

References