CVE-2017-17459
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.
Timeline
- 2017-12-07 CVE Reserved
- 2017-12-07 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
References (4)
URL | Tag | Source |
---|---|---|
https://bugzilla.opensuse.org/show_bug.cgi?id=1071709 | Issue Tracking |
URL | Date | SRC |
---|---|---|
https://www.fossil-scm.org/xfer/info/1f63db591c77108c | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Fossil Scm | Fossil | < 2.4 | - | Affected |