CVE-2008-7315

UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.openwall.com/lists/oss-security/2015/10/08/6	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/77031/info	Third Party Advisory VDB Entry
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496448	Third Party Advisory
https://rt.cpan.org/Public/Bug/Display.html?id=107364	Vendor Advisory
https://security-tracker.debian.org/tracker/CVE-2008-7315/	Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/10/08/6	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/77031/info	Third Party Advisory VDB Entry
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496448	Third Party Advisory
https://rt.cpan.org/Public/Bug/Display.html?id=107364	Vendor Advisory
https://security-tracker.debian.org/tracker/CVE-2008-7315/	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cpan:ui\:\:dialog:0.01:::::::*
	cpe:2.3:a:cpan:ui\:\:dialog:0.02:::::::*
	cpe:2.3:a:cpan:ui\:\:dialog:0.03:::::::*
	cpe:2.3:a:cpan:ui\:\:dialog:0.04:::::::*
	cpe:2.3:a:cpan:ui\:\:dialog:0.05:::::::*
	cpe:2.3:a:cpan:ui\:\:dialog:0.06:::::::*
	cpe:2.3:a:cpan:ui\:\:dialog:0.07:::::::*
	cpe:2.3:a:cpan:ui\:\:dialog:0.08:::::::*
	cpe:2.3:a:cpan:ui\:\:dialog:0.09:::::::*
	cpe:2.3:a:cpan:ui\:\:dialog:0.10:::::::*
	cpe:2.3:a:cpan:ui\:\:dialog:0.11:::::::*
	cpe:2.3:a:cpan:ui\:\:dialog:0.12:::::::*
	cpe:2.3:a:cpan:ui\:\:dialog:0.13:::::::*
	cpe:2.3:a:cpan:ui\:\:dialog:0.14:::::::*
	cpe:2.3:a:cpan:ui\:\:dialog:0.15:::::::*
	cpe:2.3:a:cpan:ui\:\:dialog:0.16:::::::*
	cpe:2.3:a:cpan:ui\:\:dialog:0.17:::::::*
	cpe:2.3:a:cpan:ui\:\:dialog:0.18:::::::*
	cpe:2.3:a:cpan:ui\:\:dialog:0.19:::::::*
	cpe:2.3:a:cpan:ui\:\:dialog:0.20:::::::*
	cpe:2.3:a:cpan:ui\:\:dialog:0.21:::::::*
	cpe:2.3:a:cpan:ui\:\:dialog:1.00:::::::*
	cpe:2.3:a:cpan:ui\:\:dialog:1.01:::::::*
	cpe:2.3:a:cpan:ui\:\:dialog:1.02:::::::*
	cpe:2.3:a:cpan:ui\:\:dialog:1.03:::::::*
	cpe:2.3:a:cpan:ui\:\:dialog:1.04:::::::*
	cpe:2.3:a:cpan:ui\:\:dialog:1.05:::::::*
	cpe:2.3:a:cpan:ui\:\:dialog:1.06:::::::*
	cpe:2.3:a:cpan:ui\:\:dialog:1.07:::::::*
	cpe:2.3:a:cpan:ui\:\:dialog:1.08:::::::*
	cpe:2.3:a:cpan:ui\:\:dialog:1.09:::::::*

History

21 Nov 2024, 00:58

Type	Values Removed	Values Added
References	~~() http://www.openwall.com/lists/oss-security/2015/10/08/6 - Mailing List, Third Party Advisory~~	() http://www.openwall.com/lists/oss-security/2015/10/08/6 - Mailing List, Third Party Advisory
References	~~() http://www.securityfocus.com/bid/77031/info - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/77031/info - Third Party Advisory, VDB Entry
References	~~() https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496448 - Third Party Advisory~~	() https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496448 - Third Party Advisory
References	~~() https://rt.cpan.org/Public/Bug/Display.html?id=107364 - Vendor Advisory~~	() https://rt.cpan.org/Public/Bug/Display.html?id=107364 - Vendor Advisory
References	~~() https://security-tracker.debian.org/tracker/CVE-2008-7315/ - Third Party Advisory~~	() https://security-tracker.debian.org/tracker/CVE-2008-7315/ - Third Party Advisory

Information

Published : 2017-10-10 16:29

Updated : 2024-11-21 00:58

NVD link : CVE-2008-7315

Mitre link : CVE-2008-7315

CVE.ORG link : CVE-2008-7315

JSON object : View

Products Affected

cpan

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

{"id": "CVE-2008-7315", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-10-10T16:29:00.197", "references": [{"url": "http://www.openwall.com/lists/oss-security/2015/10/08/6", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/77031/info", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496448", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://rt.cpan.org/Public/Bug/Display.html?id=107364", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2008-7315/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2015/10/08/6", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/77031/info", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496448", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://rt.cpan.org/Public/Bug/Display.html?id=107364", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2008-7315/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands."}, {"lang": "es", "value": "UI-Dialog en versiones 1.09 y anteriores permite que atacantes remotos ejecuten comandos arbitrarios."}], "lastModified": "2024-11-21T00:58:48.563", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:0.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2082B10D-2B35-4F41-967E-1586EDEB0217"}, {"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:0.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D4A3F8F-1299-496E-8218-D4A645E15C83"}, {"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:0.03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1842AC6-1606-4818-8AA2-6A341D6D671D"}, {"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:0.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48735977-63D7-4A76-99A3-5F45EA03F486"}, {"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:0.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB735A69-27FE-4D22-BB00-0C0A52C0D1FA"}, {"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:0.06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F6E6046-BE7E-4AD6-973A-75DCAB9495F0"}, {"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:0.07:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8F6E8BF-673B-4234-9F58-9448F67A42B5"}, {"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:0.08:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8ED075C-84CD-4580-8B80-CEE27B1099D9"}, {"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:0.09:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "293C9B84-F11C-4447-91EE-9D76B1624CEE"}, {"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1DBBB37-BE4C-4648-A95B-F9089E5C076E"}, {"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:0.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D00D66D9-9782-403F-B203-F5266DA086D7"}, {"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:0.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EEA1206-BD34-4F16-9D5A-7F094A9E6ED4"}, {"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:0.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DDA4A48-D3A0-4BFE-BA71-448AE6AF2F9F"}, {"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:0.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "865E4E29-8C1E-42CE-A85F-4BAE709F9FB1"}, {"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:0.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21795B6B-F358-4F25-8BA3-A6088AC5E77F"}, {"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:0.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "255AF8D7-8804-4B23-B680-9FDB2994C724"}, {"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:0.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCD629E0-347B-480D-B3FF-198567D8B51A"}, {"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:0.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DEA4C6B-412D-4306-8D6C-C6FC4CEFDA84"}, {"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:0.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB9C0EE3-028E-4CE9-BAE9-C6DDAC483C12"}, {"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:0.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59F6591B-3A14-4FF2-BDD6-3DCDDC6EB410"}, {"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:0.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D886B98-B66B-49FF-B5D2-BCB8D7AABCD3"}, {"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:1.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "562F1296-9CD3-4E18-A60E-1D85CA595105"}, {"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:1.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9205800B-1EE0-4C14-884E-2B0E5AFB4893"}, {"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:1.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9ED3036E-781F-41B2-9852-4FE55E418B2B"}, {"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:1.03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C93C4904-2944-4520-B819-FB41FB90E51F"}, {"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:1.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDF3A22A-AD20-4E53-B0BB-F21C9612627C"}, {"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:1.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D9143CD-26B9-4565-8B44-7F06FF79CD2D"}, {"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:1.06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6945F17E-52EA-4A0C-9597-7D4109A3CB3E"}, {"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:1.07:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADA67794-1ABE-47DF-922C-54AA5832C848"}, {"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:1.08:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4364AC3-32B8-4821-9370-E8AA9231969D"}, {"criteria": "cpe:2.3:a:cpan:ui\\:\\:dialog:1.09:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84C26531-981D-4BEA-85E7-FD9F254CEBCB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

9.8 /10