CVE-2011-1904
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An unspecified function in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary commands via unknown vectors, related to a "command injection" issue.
Una función no especificada en la interfaz web de Proofpoint Messaging Security Gateway v6.2.0.263:6.2.0.237 y anterior en Proofpoint Protection Server v5.5.3, v5.5.4, v5.5.5, v6.0.2, v6.1.1 y v6.2.0 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos, relacionados con un problema de "inyección de comandos".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-05-05 CVE Reserved
- 2011-05-05 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php | X_refsource_misc | |
| http://www.kb.cert.org/vuls/id/790980 | Third Party Advisory |
|
| https://support.proofpoint.com/article.cgi?article_id=338413 | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Proofpoint Search vendor "Proofpoint" | Messaging Security Gateway Search vendor "Proofpoint" for product "Messaging Security Gateway" | <= 6.2.0.263\:6.2.0.237 Search vendor "Proofpoint" for product "Messaging Security Gateway" and version " <= 6.2.0.263\:6.2.0.237" | - |
Affected
| ||||||
| Proofpoint Search vendor "Proofpoint" | Protection Server Search vendor "Proofpoint" for product "Protection Server" | 5.5.3 Search vendor "Proofpoint" for product "Protection Server" and version "5.5.3" | - |
Affected
| ||||||
| Proofpoint Search vendor "Proofpoint" | Protection Server Search vendor "Proofpoint" for product "Protection Server" | 5.5.4 Search vendor "Proofpoint" for product "Protection Server" and version "5.5.4" | - |
Affected
| ||||||
| Proofpoint Search vendor "Proofpoint" | Protection Server Search vendor "Proofpoint" for product "Protection Server" | 5.5.5 Search vendor "Proofpoint" for product "Protection Server" and version "5.5.5" | - |
Affected
| ||||||
| Proofpoint Search vendor "Proofpoint" | Protection Server Search vendor "Proofpoint" for product "Protection Server" | 6.0.2 Search vendor "Proofpoint" for product "Protection Server" and version "6.0.2" | - |
Affected
| ||||||
| Proofpoint Search vendor "Proofpoint" | Protection Server Search vendor "Proofpoint" for product "Protection Server" | 6.1.1 Search vendor "Proofpoint" for product "Protection Server" and version "6.1.1" | - |
Affected
| ||||||
| Proofpoint Search vendor "Proofpoint" | Protection Server Search vendor "Proofpoint" for product "Protection Server" | 6.2.0 Search vendor "Proofpoint" for product "Protection Server" and version "6.2.0" | - |
Affected
| ||||||