Attack: Gitorious Remote Command Execution

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a remote command execution vulnerability in Gitorious.

Additional Information

Gitorious is an application for providing distributed open-source code collaboration.

Gitorious is prone to a remote command-execution vulnerability because it fails to properly validate user-supplied input passed as part of the '/api/project/repo/log/graph/' URI. Specifically, the issue affects the 'gitorious-mainline/lib/gitorious/git_shell.rb' script.

An attacker can exploit this issue by sending specially crafted requests to the application, executing arbitrary commands within the context of the affected application.
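One way to look for requests of this kind in web server logs, as an added example that is not Symantec's signature or Gitorious code: it flags requests to the graph route whose percent-decoded tail contains shell metacharacters. The combined log format, the metacharacter set, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Route named in the advisory: /api/<project>/<repo>/log/graph/<user input>
GRAPH_ROUTE = re.compile(r"^/api/[^/]+/[^/]+/log/graph/(?P<tail>.*)$", re.S)
# Assumed metacharacter set: shell control syntax a branch name has no need for.
SHELL_META = re.compile(r"[;&|`$<>\\\n\r]")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines, not taken from a real incident.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jan/2012:10:01:02 +0000] "GET /api/mainline/core/log/graph/master HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Jan/2012:10:01:09 +0000] "GET /api/mainline/core/log/graph/master%3Becho%20marker HTTP/1.1" 500 0',
    '203.0.113.9 - - [12/Jan/2012:10:01:15 +0000] "GET /api/mainline/core/log/graph/master%2560echo%2560 HTTP/1.1" 500 0',
    '203.0.113.7 - - [12/Jan/2012:10:02:00 +0000] "GET /mainline/core/commits/master%3Bx HTTP/1.1" 404 0',
]

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is inspected too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_line(line):
    """Return the decoded tail of a suspicious graph request, else None."""
    request = REQUEST.search(line)
    if not request:
        return None
    # Only the path is checked; '&' is legitimate in a query string.
    path = decode_fully(request.group("target").split("?", 1)[0])
    route = GRAPH_ROUTE.match(path)
    if route and SHELL_META.search(route.group("tail")):
        return route.group("tail")
    return None

def scan(lines):
    """Return (line number, decoded tail) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        tail = inspect_line(line)
        if tail is not None:
            hits.append((number, tail))
    return hits

if __name__ == "__main__":
    for number, tail in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious graph request tail {tail!r}")
```

A hit is a lead for review rather than proof of compromise; the response status and any follow-on activity from the same source still need to be checked.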

Affected

  • Gitorious Gitorious 0
