Vulnerability Description
Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Enalean | Tuleap | <= 7.5.99.5 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2014/Oct/121 (Exploit)
- https://www.portcullis-security.com/security-research-and-downloads/security-adv (Exploit)
- https://www.tuleap.org/recent-vulnerabilities (Vendor Advisory)
FAQ
What is CVE-2014-7178?
CVE-2014-7178 is a vulnerability with a CVSS score of 9.3 (HIGH). Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.
How severe is CVE-2014-7178?
CVE-2014-7178 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-7178?
Check the references section above for vendor advisories and patch information. Affected products include: Enalean Tuleap.