NVD

Id
10818  
Name
CVE-2011-4357  
Description
Format string vulnerability in the p_cgi_error function in python/neo_cgi.c in the Python CGI Kit (neo_cgi) module for Clearsilver 0.10.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are not properly handled when creating CGI error messages using the cgi_error API function.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-07  
Published
2011-12-10  
Modified Date
2011-12-12  
Seq
2011-4357  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
60795 10818 CVE-2011-4357 http://code.google.com/p/clearsilver/source/detail?r=919  View
60796 10818 CVE-2011-4357 http://tech.groups.yahoo.com/group/ClearSilver/message/1422  View
60797 10818 CVE-2011-4357 DSA-2355  View
60798 10818 CVE-2011-4357 [oss-security] 20111127 CVE Request -- ClearSilver (neo_cgi) -- Format string flaw by processing CGI error messages in Python module  View
60799 10818 CVE-2011-4357 clearsilver-neocgi-format-string(71599)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
33098 JVNDB-2011-003338 Clearsilver の p_cgi_error 関数におけるサービス運用妨害 (クラッシュ) の脆弱性 Clearsilver の Python CGI Kit (neo_cgi) モジュール内の python/neo_cgi.c の p_cgi_error 関数には、サービス運用妨害 (クラッシュ) 状態となる、または任意のコードを実行される脆弱性が存在します。 CVE-2011-4357 52264 CVE-2011-4357 10818 7.5 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003338.html 2011-11-28 2011-12-13 View