Test ID: | 1.3.6.1.4.1.25623.1.0.103774 |
Category: | Web application abuses |
Title: | Graphite RCE Vulnerability |
Summary: | Graphite is prone to a remote code execution (RCE) vulnerability. |
Description: |
Summary: Graphite is prone to a remote code execution (RCE) vulnerability.
Vulnerability Insight: In graphite-web 0.9.5, a 'clustering' feature was introduced to allow a Graphite setup to scale. This was achieved by passing pickles between servers. However, because no explicit safety measures were implemented to limit the types of objects that can be unpickled, arbitrary code can be executed.
Vulnerability Impact: Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the application.
Affected Software/OS: Graphite versions 0.9.5 through 0.9.10 are vulnerable.
Solution: Ask the Vendor for an update.
CVSS Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-5093
BugTraq ID: 61894
http://www.securityfocus.com/bid/61894
http://www.exploit-db.com/exploits/27752
http://ceriksen.com/2013/08/20/graphite-remote-code-execution-vulnerability-advisory/
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/graphite_pickle_exec.rb
http://www.osvdb.org/96436
http://secunia.com/advisories/54556 |
Copyright | Copyright (C) 2013 Greenbone AG |