admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-05 10:16:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
GobyVuls/Supervisor/CVE-2017-11610
History
tardc 7c9f196a40 Add another gif
2020-07-10 17:22:29 +08:00
..
CVE-2017-11610_1.gif
Add another gif
2020-07-10 17:22:29 +08:00
CVE-2017-11610.gif
Add CVE-2017-11610
2020-07-06 16:04:14 +08:00
README.md
Add CVE-2017-11610
2020-07-06 16:04:14 +08:00

README.md

CVE-2017-11610 Supervisor XML-RPC Authenticated Remote Code Execution

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.

Affected version: supervisor < 3.0.1, 3.1.x - 3.1.4, 3.2.x - 3.2.4, 3.3.x - 3.3.3

FOFA query rule: app="supervisord" || title="Supervisor Status"

Demo