Detections
Analytics

CVE-2008-5916

high

Description

gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query.

References

https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01170.html

https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01169.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/47528

http://www.ubuntu.com/usn/USN-723-1

http://www.openwall.com/lists/oss-security/2009/01/20/2

http://www.openwall.com/lists/oss-security/2009/01/15/2

http://www.gentoo.org/security/en/glsa/glsa-200903-15.xml

http://securityreason.com/securityalert/4922

http://secunia.com/advisories/34194

http://secunia.com/advisories/33964

http://secunia.com/advisories/33282

http://osvdb.org/50918

http://marc.info/?l=linux-kernel&m=122975564100863&w=2:

http://marc.info/?l=git&m=122975564100860&w=2

Details

Source: Mitre, NVD

Published: 2009-01-21

Updated: 2017-08-08

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High