[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250770

 
 

909

 
 

196157

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-5093Date: (C)2013-10-09   (M)2023-12-22


The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
EXPLOIT-DB-27752
SECUNIA-54556
BID-61894
OSVDB-96436
http://ceriksen.com/2013/08/20/graphite-remote-code-execution-vulnerability-advisory/
https://github.com/graphite-project/graphite-web/blob/master/docs/releases/0_9_11.rst
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/graphite_pickle_exec.rb

CPE    6
cpe:/a:graphite_project:graphite:0.9.8
cpe:/a:graphite_project:graphite:0.9.7
cpe:/a:graphite_project:graphite:0.9.10
cpe:/a:graphite_project:graphite:0.9.9
...
CWE    1
CWE-94
OVAL    2
oval:org.secpod.oval:def:105917
oval:org.secpod.oval:def:105915

© SecPod Technologies