admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-20 18:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add CVE-2017-11610

Browse Source
This commit is contained in:
tardc 2020-07-06 16:04:14 +08:00
parent cd3926ce17
commit 397ba37e4f
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
Supervisor/CVE-2017-11610/CVE-2017-11610.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 999 KiB

11
Supervisor/CVE-2017-11610/README.md Normal file
View File

@ -0,0 +1,11 @@
# CVE-2017-11610 Supervisor XML-RPC Authenticated Remote Code Execution
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.
**Affected version**: supervisor < 3.0.1, 3.1.x - 3.1.4, 3.2.x - 3.2.4, 3.3.x - 3.3.3
**[FOFA](https://fofa.so/result?qbase64=YXBwPSJCRUEtV2ViTG9naWMtU2VydmVyIg%3D%3D) query rule**: app="supervisord" || title="Supervisor Status"
# Demo
![](CVE-2017-11610.gif)