CVE-2012-5646 - Vulnerability Details - OpenCVE

node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Openshift Openshift Origin

Configuration 1 [-]

OR	cpe:2.3:a:redhat:openshift:1.0:-:enterprise:::::*
	cpe:2.3:a:redhat:openshift_origin::::::::

Package	CPE	Advisory	Released Date
RHEL 6 Version of OpenShift Enterprise
openshift-origin-node-util-0:1.0.5-3.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0148	2013-01-08T00:00:00Z

References

Link	Providers
http://rhn.redhat.com/errata/RHSA-2013-0148.html
http://www.osvdb.org/89431
http://www.securityfocus.com/bid/57189
https://bugzilla.redhat.com/show_bug.cgi?id=888518
https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00
https://github.com/openshift/origin-server/pull/1017
https://nvd.nist.gov/vuln/detail/CVE-2012-5646
https://www.cve.org/CVERecord?id=CVE-2012-5646

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-02-24T21:00:00Z

Updated: 2024-08-06T21:14:16.329Z

Reserved: 2012-10-24T00:00:00Z

Link: CVE-2012-5646

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-02-24T21:55:00.957

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-5646

Redhat

Severity : Moderate

Publid Date: 2013-01-08T00:00:00Z

Links: CVE-2012-5646 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2013-02-24T21:00:00Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=888518"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/openshift/origin-server/pull/1017"}, {"name": "89431", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/89431"}, {"name": "RHSA-2013:0148", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0148.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00"}, {"name": "57189", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/57189"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:14:16.329Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=888518"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/openshift/origin-server/pull/1017"}, {"name": "89431", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/89431"}, {"name": "RHSA-2013:0148", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0148.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00"}, {"name": "57189", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/57189"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5646", "state": "PUBLISHED", "dateReserved": "2012-10-24T00:00:00Z", "datePublished": "2013-02-24T21:00:00Z", "dateUpdated": "2024-08-06T21:14:16.329Z"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift:1.0:-:enterprise:*:*:*:*:*", "matchCriteriaId": "6D63189E-7BFC-438B-A583-1901BBC15CF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_origin:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F4086F4-8220-4036-B579-047F501BD5FD", "versionEndIncluding": "1.0.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO."}, {"lang": "es", "value": "node-util/www/html/restorer.php en Red Hat OpenShift Origin anterior a v1.0.5-3 permite a atacantes remotos ejecutar comandos arbitrarios mediante un uuid falsificado en el PATH_INFO."}], "id": "CVE-2012-5646", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-02-24T21:55:00.957", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0148.html"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/89431"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/57189"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=888518"}, {"source": "secalert@redhat.com", "url": "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00"}, {"source": "secalert@redhat.com", "url": "https://github.com/openshift/origin-server/pull/1017"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0148.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/89431"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/57189"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=888518"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/openshift/origin-server/pull/1017"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}