CVE-2014-2888 (GCVE-0-2014-2888)
Vulnerability from cvelistv5
Published
2014-04-23 14:00
Modified
2024-08-06 10:28
CWE
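- n/a (the CNA record assigns no CWE; the NVD evaluator comment embedded in the record below cites CWE-77, Improper Neutralization of Special Elements used in a Command, i.e. command injection)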
Summary
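lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request. The NVD data embedded in this record rates the issue CVSS v2 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P), meaning it is reachable over the network without authentication, and lists sfpagent versions up to and including 0.4.14 as vulnerable. The CNA fields for product, vendor and version are all "n/a", so inventory matching should rely on the gem name and installed version (or the NVD CPE entries) rather than on the CNA "affected" block.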
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:28:46.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140415 Remote Command Injection in Ruby Gem sfpagent 0.4.14",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/04/16/1"
},
{
"name": "[oss-security] 20140418 Re: Remote Command Injection in Ruby Gem sfpagent 0.4.14",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/04/18/4"
},
{
"name": "20140418 Remote Command Injection in Ruby Gem sfpagent 0.4.14",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/243"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapid.dhs.org/advisories/spfagent-remotecmd.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-08T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140415 Remote Command Injection in Ruby Gem sfpagent 0.4.14",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/04/16/1"
},
{
"name": "[oss-security] 20140418 Re: Remote Command Injection in Ruby Gem sfpagent 0.4.14",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/04/18/4"
},
{
"name": "20140418 Remote Command Injection in Ruby Gem sfpagent 0.4.14",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/243"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapid.dhs.org/advisories/spfagent-remotecmd.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140415 Remote Command Injection in Ruby Gem sfpagent 0.4.14",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/04/16/1"
},
{
"name": "[oss-security] 20140418 Re: Remote Command Injection in Ruby Gem sfpagent 0.4.14",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/04/18/4"
},
{
"name": "20140418 Remote Command Injection in Ruby Gem sfpagent 0.4.14",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Apr/243"
},
{
"name": "http://www.vapid.dhs.org/advisories/spfagent-remotecmd.html",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/spfagent-remotecmd.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2888",
"datePublished": "2014-04-23T14:00:00",
"dateReserved": "2014-04-17T00:00:00",
"dateUpdated": "2024-08-06T10:28:46.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2014-2888\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2014-04-23T15:55:04.860\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request.\"},{\"lang\":\"es\",\"value\":\"lib/sfpagent/bsig.rb en la gema sfpagent anterior a 0.4.15 para Ruby permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell en el nombre de m\u00f3dulo en una solicitud JSON.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:*:*:*:*:*:ruby:*:*\",\"versionEndIncluding\":\"0.4.14\",\"matchCriteriaId\":\"CF951D46-BF0B-40A1-8B9E-F4D2F618C93A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.0.1:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"C53509B4-16E5-47E4-A097-8A79DCD52AFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.1.0:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"5BE357DB-FC1B-4A58-9B2E-6B31C2BE6BA5\"},{\"vulnerable\":t
rue,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.1.1:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"DD0F6D51-6431-44FB-9F9E-B83B0338AD20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.1.2:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"7AA99F3D-E03D-4D42-847C-0679F4C67F17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.1.3:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"5BDB38BC-B869-43DA-84A7-6D131B194A12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.1.4:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"13201B95-819F-4B7D-88E2-4F825C6E8E1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.1.5:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"CF9BF2B5-8471-475C-B999-400C84221E2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.1.6:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"2FCC9BAD-0B13-423C-9ECB-F3EAF76844A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.1.7:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"A3EA2692-14AA-41FE-8AB7-B532D2CBFBB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.1.8:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"7CDDB663-E630-4B70-8733-CBB3ABB48130\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.1.9:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"8CC6193B-4BB0-4D7E-ACE7-55C640CF9A1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.1.10:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"8DDF001C-C364-48FA-A989-E4C2397FA3CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.1.11:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"550671DE-E1A5-40AC-9AD7-75A255933261\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.1.12:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"A24807E4-1DD2-43EE-BE30-20C6649FD674\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.1.13:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"A73DA277-6A35-4FCE-9B31-11671E7DB477\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.1.14:*:*:*:*:ruby:*:*\",\"
matchCriteriaId\":\"8337E8C8-1CAB-45C1-9EB4-1C4443672DDE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.2.0:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"C3CBD4AA-0282-4F58-8195-14B17B94549B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.2.1:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"C2504A5F-F57B-4CEA-9B7D-5C77FD016C04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.2.2:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"BD2FE4C1-58E8-4589-A07A-8B95810CE8AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.2.3:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"4631B2C7-33F3-4145-A3F7-80EFB3047C39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.2.4:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"DA35B84A-D14C-4468-B84F-1E00AF83A0E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.2.5:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"D047C5A3-D150-4DAA-B71E-D5893BBB1889\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.2.6:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"EC2DC8BB-B71D-48C6-9CC3-EFD73CCDC67C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.2.7:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"F439D5E9-1D16-4D6B-A032-DAB6DC6C9BEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.2.8:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"BBE8A548-0F81-448D-9FE6-D45503EFE3BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.2.9:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"5DE265F0-8639-4196-8AA7-FF918E237331\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.2.10:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"2F208C46-A877-4770-AFE0-13A34A02276F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.3.0:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"04FA09F3-73CE-40F0-A518-07C19B1EBF33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.3.1:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"775DD4C0-1046-4C92-BE2D-C9243D9D1F6B\"},{\"vulnerable\"
:true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.3.2:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"E1B2B8FF-8D7F-4F6E-8A5B-49A59AC1C2DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.3.3:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"B1EB8F2B-558C-43B0-9636-5B7142FE4F3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.3.4:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"B092671D-D794-4B8A-8CAC-18FFD5D687D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.3.5:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"1924BD77-60FC-4534-9182-0B8D0A315195\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.3.6:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"022018AD-B4D2-47DA-A9DA-81BD767A0723\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.3.7:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"CFE97D1C-3915-4051-ABCF-4930A3D5EEFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.3.8:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"1EBCA3B0-0022-435B-972A-621CABAD9ACC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.3.9:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"4A8CB4F7-8D56-45C1-A7E5-7207697C560E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.3.10:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"2CBA3876-3F00-40DD-B5B5-D129A98EB1DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.4.0:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"5068AD3E-40C0-4F6C-9B19-FBE4975CFAF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.4.1:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"E03F8B0B-DA26-45D6-B6A6-EC6C55DEDF16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.4.2:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"8466046E-42F8-44EB-9536-3F060C782E61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.4.3:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"0357643C-7E86-45F5-8EC3-2EC324C5A698\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.4.4:*:*:*:*:ruby:*:*\",\"ma
tchCriteriaId\":\"C6A08C79-1D3F-49B7-B75A-33F8E0F4FE62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.4.5:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"97ABFE90-415B-480F-9237-FC538BD37F0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.4.6:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"E6E342E4-CAD0-47C8-9463-D095E43957A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.4.7:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"C9D2C21C-7308-41CA-B596-6652A380120C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.4.8:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"80424A7C-0BCC-4BDE-A0E0-B302BA767F0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.4.9:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"53D339AF-D6AE-445B-94DF-272B6A4F7F2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.4.10:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"6A8326C2-CB37-45EC-95AF-82D2345BF262\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.4.11:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"5ACA593D-CE0A-46F8-8A75-D3BBB3B4E787\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.4.12:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"429C75FC-9EAD-42C6-88B7-47B96D6F5D09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:herry:sfpagent:0.4.13:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"925844ED-9071-4232-A866-0281144C6E1E\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2014/Apr/243\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2014/04/16/1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2014/04/18/4\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.vapid.dhs.org/advisories/spfagent-remotecmd.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://seclists.org/fulldisclosure/2014/Apr/243\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.co
m/lists/oss-security/2014/04/16/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2014/04/18/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.vapid.dhs.org/advisories/spfagent-remotecmd.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]}],\"evaluatorComment\":\"Per: https://cwe.mitre.org/data/definitions/77.html\\n\\n\\\"CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)\\\"\"}}"
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.