Vulnerability Details : CVE-2011-0437
shared/inc/sql/ssh.php in the SSH accounts management implementation in Domain Technologie Control (DTC) before 0.32.9 allows remote authenticated users to delete arbitrary accounts via the edssh_account parameter in a deletesshaccount Delete action.
Products affected by CVE-2011-0437
- cpe:2.3:a:gplhost:domain_technologie_control:*:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.27.3:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.26.9:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.29.1:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.28.10:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.28.3:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.28.2:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.26.8:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.26.7:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.28.9:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.28.6:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.30.6:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.30.8:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.25.2:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.25.3:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.29.16:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.28.4:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.25.1:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.30.10:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.30.18:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.29.17:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.29.15:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.29.14:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.24.6:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.32.5:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.30.20:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.32.1:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.29.8:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.29.10:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.29.6:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.32.4:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.32.7:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.32.6:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.32.2:*:*:*:*:*:*:*
- cpe:2.3:a:gplhost:domain_technologie_control:0.32.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-0437
0.39%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 70 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-0437
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
8.0
|
2.9
|
NIST |
CWE ids for CVE-2011-0437
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0437
-
http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=c97ab4ae43945de36534c40004d713b3b10113db
Patch
-
http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=9b75112fc12fead5740b1aaf0df562b5a9045ec0
Patch
-
http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog
404 Not Found
-
http://www.debian.org/security/2011/dsa-2179
Debian -- Security Information -- DSA-2179-1 dtc
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/65897
Domain Technologie Control ssh.php security bypass CVE-2011-0437 Vulnerability Report
-
http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog
404 Not Found
-
http://www.vupen.com/english/advisories/2011/0556
Webmail | OVH- OVHVendor Advisory
-
http://www.gplhost.sg/lists/dtcannounce/msg00025.html
Fwd: [SECURITY] [DSA 2179-1] dtc security updatePatch
Jump to