CVE-2016-3728

Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/.

Published: May 20, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-3728
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-284

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
theforeman / foreman	1.11.0-rc1	1.11.0-rc1.x
theforeman / foreman	1.11.0	1.11.0.x
theforeman / foreman	1.11.0-rc2	1.11.0-rc2.x
theforeman / foreman	1.11.1	1.11.1.x
theforeman / foreman	1.11.0-rc3	1.11.0-rc3.x
theforeman / foreman	1.10.3	1.10.3.x

http://projects.theforeman.org/issues/14931
http://theforeman.org/security.html#2016-3728
http://www.openwall.com/lists/oss-security/2016/05/19/2
https://access.redhat.com/errata/RHBA-2016:1501
https://github.com/theforeman/smart-proxy/commit/eef532aa668d656b9d61d9c6edf7c2505f3f43c7

Vulnerability Database

289,697

CVE-2016-3728