Vulnerability Details CVE-2014-0479
reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitrary commands via vectors related to compare_versions and reportbug/checkversions.py.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.8%
CVSS Severity
CVSS v2 Score 6.8
References
- http://secunia.com/advisories/59896
- http://www.debian.org/security/2014/dsa-2997
- http://www.osvdb.org/109858
- http://www.securityfocus.com/bid/69055
- https://bugs.launchpad.net/ubuntu/+source/reportbug/+bug/1353046
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95149
- http://secunia.com/advisories/59896
- http://www.debian.org/security/2014/dsa-2997
- http://www.osvdb.org/109858
- http://www.securityfocus.com/bid/69055
- https://bugs.launchpad.net/ubuntu/+source/reportbug/+bug/1353046
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95149
Products affected by CVE-2014-0479
-
cpe:2.3:a:canonical:reportbug:6.5.0
-
cpe:2.3:a:debian:reportbug:-
-
cpe:2.3:a:debian:reportbug:2.60
-
cpe:2.3:a:debian:reportbug:2.61
-
cpe:2.3:a:debian:reportbug:3.2
-
cpe:2.3:a:debian:reportbug:6.4.4