oss-sec mailing list archives
Re: RCE, XSS and HTTP header injection in fli4l web interface
From: cve-assign () mitre org
Date: Sun, 1 Feb 2015 07:51:07 -0500 (EST)
arbitrary command execution,
For the "execute arbitrary programs" issues, can you provide specific names for the vulnerability types, or any equivalent information? The paragraphs about include/cgi-helper and admin/pf.cgi aren't sufficient to determine the number of CVE IDs.
The vulnerability-type information was sent to MITRE without a Cc to oss-security. Perhaps it will be sent here later. include/cgi-helper and admin/pf.cgi have the same vulnerability type. Use CVE-2015-1443 for both of these.
XSS vulnerabilities
Use CVE-2015-1444 for all of these.
HTTP header injection.
Use CVE-2015-1445.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
Current thread:
- RCE, XSS and HTTP header injection in fli4l web interface Felix Eckhofer (Jan 31)
- Re: RCE, XSS and HTTP header injection in fli4l web interface cve-assign (Jan 31)
- Re: RCE, XSS and HTTP header injection in fli4l web interface Felix Eckhofer (Feb 01)
- Re: RCE, XSS and HTTP header injection in fli4l web interface cve-assign (Feb 01)
- Re: RCE, XSS and HTTP header injection in fli4l web interface cve-assign (Jan 31)