CVE-2016-3728

Published: May 20, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/theforeman/smart-proxy/commit/eef532aa668d656b9d61d9c6edf7c2505f3f43c7

x_refsource_CONFIRM

[oss-security] 20160519 CVE-2016-3728: remote code execution in Foreman smart proxy TFTP API

mailing-list

x_refsource_MLIST

http://projects.theforeman.org/issues/14931

x_refsource_CONFIRM

http://theforeman.org/security.html#2016-3728

x_refsource_CONFIRM

RHBA-2016:1501

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-3728

Description

Affected Products

References