CVE-2010-2235

Published

11 years ago

Last Modified

11 years ago

CVSSv2.0 Severity

High

Impact Analysis

template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file, a different vulnerability than CVE-2008-6954..

CVSSv2.0 Score

Severity: High
Base Score: 8.5/10
Exploit Score: 6.8/10
Access Vector: Network
Access Complexity: Medium
Authentication Required: Single
Impact Score: 10/10
Confidentiality Impact: Complete
Availability Impact: Complete
Integrity Impact: Complete

Products Affected

CPE	Affected	Vulnerable	Excluding
cpe:2.3:a:michael_dehaan:cobbler:1.0.2:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.6.1:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.2.0:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.6.8:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.2.8:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.6.6-1:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:2.0.0:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.2.3:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.2.2:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.2.7:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.3.5:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.6.3:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler::::::::	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.3.0:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.0.2-1:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.8.3:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:2.0.3:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.4.3-4:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.4.3:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.3.3:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.2.3:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.2.6:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.2.5:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.4.3:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:2.0.1-1:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.4.0:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.3.7:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.8.1:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.6.2:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.6.8-1:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.4.2:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.3.4-1:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.2.9:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.2.9-1:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.2.8-1:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.3.4:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.6.5:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.6.4:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.6.1:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.6.4-1:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.6.4:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.4.1-1:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.6.1-1:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.4.0:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.3.4:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.0.3-1:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.3.9:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.2.8:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.5.0:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.4.7:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.6.3-1:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.6.5:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.6.6:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.3.3-1:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.3.1:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.2.5:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.2.7:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.2.1:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.2.2:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.4.2:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.1.1.7:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:2.0.0-1:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.4.2-1:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.4.1:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.3.1-1:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.0.0:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.6.0:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.4.8:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.4.6:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:2.0.1:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.3.1:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.3.3:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.6.3:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.6.5-1:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.3.6:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.6.2-1:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:2.0.3.1-2:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.4.5:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:1.4.0-2:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:0.2.9:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:2.0.3.1:::::::*	Yes	-	-
cpe:2.3:a:michael_dehaan:cobbler:2.0.4-1:::::::*	Yes	-	-

References

Ready to dive in? Start your free trial today.

Companies of all sizes—from startups to Fortune 500s—use Mageni to scan their assets for vulnerabilities, reduce risk exposure and minimizing the likelihood of a data breach. Free for 7-days then $39 USD Monthly. No Contracts, Cancel at Anytime and 7-days Money-Back Guarantee.

Get Started For Free

CVE-2010-2235

Published

Last Modified

CVSSv2.0 Severity

Impact Analysis

Share

CVSSv2.0 Score

Products Affected

References

Ready to dive in? Start your free trial today.

Mageni makes easy to find, prioritize, and remediate the vulnerabilities

Internal and External Scans

Remediate

Secure your Applications

Comprehensive Coverage

Report and Analyze

More visibility

Prioritize

SSL Certificates

Simple and transparent pricing

Stop worrying about your budget or licenses limits

What's included

Why should I get a subscription now?

Frequently asked questions

Ready to get started? Start you 7-day free trial

Product

Customer Service

Company

Compliance

CVE-2010-2235

CVE information

Published

Last Modified

CVSSv2.0 Severity

Impact Analysis

Share

Description

CVSSv2.0 Score

Products Affected

References

Ready to dive in? Start your free trial today.

Mageni makes easy to find, prioritize, and remediate the vulnerabilities

Internal and External Scans

Remediate

Secure your Applications

Comprehensive Coverage

Report and Analyze

More visibility

Prioritize

SSL Certificates

Simple and transparent pricing

Stop worrying about your budget or licenses limits

What's included

Why should I get a subscription now?

Frequently asked questions

Ready to get started? Start you 7-day free trial