CVE-2011-10017

Q: How severe is CVE-2011-10017?

CVSS scoring is not yet available for CVE-2011-10017. Check NVD for updates.

Q: Is there a patch for CVE-2011-10017?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.

Vulnerability Description

Snort Report versions < 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no authentication and can result in full compromise of the underlying system.

Related Weaknesses (CWE)

CWE-78

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exp
https://web.archive.org/web/20111003093911/http://www.symmetrixtech.com/articles
https://www.exploit-db.com/exploits/17947
https://www.vulncheck.com/advisories/snort-report-rce

FAQ

What is CVE-2011-10017?

CVE-2011-10017 is a documented vulnerability. Snort Report versions < 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET pa...

How severe is CVE-2011-10017?

CVSS scoring is not yet available for CVE-2011-10017. Check NVD for updates.

Is there a patch for CVE-2011-10017?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.