Vulnerabilities > CVE-2014-2888 - Unspecified vulnerability in Herry Sfpagent
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request. Per: https://cwe.mitre.org/data/definitions/77.html "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
Vulnerable Configurations
Packetstorm
data source | https://packetstormsecurity.com/files/download/126223/rubysfpagent-exec.txt |
id | PACKETSTORM:126223 |
last seen | 2016-12-05 |
published | 2014-04-18 |
reporter | Larry W. Cashdollar |
source | https://packetstormsecurity.com/files/126223/Ruby-Gem-sfpagent-0.4.14-Command-Injection.html |
title | Ruby Gem sfpagent 0.4.14 Command Injection |