CyberSec.Space Logo
返回 CVE 浏览器

CVE-2008-7313

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0730%
EPSS Percentile35.37th
Published2017年3月31日
Last Modified2026年5月13日

Vulnerability Description

The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.

Affected Platforms (CPE)

📦
Snoopy

Snoopy

All versions
📦
Redhat

Openstack

= 5.0
📦
Redhat

Openstack

= 6.0
📦
Nagios

Nagios

<= 4.2.3

References & Advisories

🔗 http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27
🔗 http://www.openwall.com/lists/oss-security/2014/07/09/11
🔗 http://www.openwall.com/lists/oss-security/2014/07/16/10
🔗 http://www.openwall.com/lists/oss-security/2014/07/18/2
🔗 http://www.securityfocus.com/bid/68776
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=1121497
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/94737
🔗 https://rhn.redhat.com/errata/RHSA-2017-0211.html

相关漏洞威胁

CVE-2008-479610.0

The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) m...

CVE-2018-157089.8

Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.

CVE-2002-24449.8

Snoopy before 2.0.0 has a security hole in exec cURL

CVE-2014-50089.8

Snoopy allows remote attackers to execute arbitrary commands.