Signature Detail
Short Name |
HTTP:EXPLOIT:REDMINE-CMD-EXEC |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Redmine SCM Repository Arbitrary Command Execution |
Release Date |
2011/01/18 |
Update Number |
1849 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Redmine SCM Repository Arbitrary Command Execution
This signature detects attempts to exploit a known vulnerability against Redmine SCM Repository. A successful attack can lead to arbitrary code execution.
Extended Description
Redmine is prone to an information-disclosure vulnerability, an HTML-injection vulnerability, and a command-injection vulnerability. Exploiting these issues could allow an attacker to gain access to potentially sensitive information, inject arbitrary HTML code into the application, steal cookie-based authentication credentials, and execute arbitrary commands in the context of the webserver. Redmine versions prior to 1.0.5 are vulnerable.
Affected Products
- Debian Linux 5.0
- Debian Linux 5.0 Alpha
- Debian Linux 5.0 Amd64
- Debian Linux 5.0 Arm
- Debian Linux 5.0 Armel
- Debian Linux 5.0 Hppa
- Debian Linux 5.0 Ia-32
- Debian Linux 5.0 Ia-64
- Debian Linux 5.0 M68k
- Debian Linux 5.0 Mips
- Debian Linux 5.0 Mipsel
- Debian Linux 5.0 Powerpc
- Debian Linux 5.0 S/390
- Debian Linux 5.0 Sparc
- Redmine 0.7.2
- Redmine 0.7.3
- Redmine 0.8.5
- Redmine 0.8.6
- Redmine 0.8.7
- Redmine 0.9
- Redmine 1.0
- Redmine 1.0.1
- Redmine 1.0.4
References
- BugTraq: 45571
- URL: http://www.redmine.org/news/49
- URL: http://www.redmine.org/