NVD

Id
40220  
Name
CVE-2013-4663  
Description
git_http_controller.rb in the redmine_git_hosting plugin for Redmine allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the service parameter to info/refs, related to the get_info_refs function or (2) the reqfile argument to the file_exists function.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2014-12-27  
Modified Date
2014-12-29  
Seq
2013-4663  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
204610 40220 CVE-2013-4663 http://www.sec-1.com/blog/2013/redmine-git-hosting-plugin-remote-command-execution  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
25141 JVNDB-2013-006718 Redmine 用 redmine_git_hosting プラグインの git_http_controller.rb における任意のコマンドを実行される脆弱性 Redmine 用 redmine_git_hosting プラグインの git_http_controller.rb には、任意のコマンドを実行される脆弱性が存在します。 CVE-2013-4663 64605 CVE-2013-4663 40220 7.5 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-006718.html 2013-08-16 2015-01-06 View