CVE-2014-7178
published 2014-11-28

CVE-2014-7178: Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.

Priority: P266 (critical)
CVSS 2.0: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Exploit: available
EPSS: 5.06% (91.2th percentile)

Affected (1 range)

Vendor   Product   Version range   Fixed in
enalean  tuleap    <= 7.5.99.5

Detection & IOCs (extracted from sources)

path: /usr/share/codendi/src/www/passwd.txt
url: https://[IP]/svn/?group_id=102
  • The attack vector is the HTTP User-Agent header, which is passed unsanitized to PHP's passthru() function; monitor/alert on anomalous or shell-command-containing User-Agent strings in requests to the Tuleap SVN endpoint.
  • Exploitation requires the attacker to have visibility of an SVN repository (authenticated session). Look for requests to /svn/ paths accompanied by unusual User-Agent values containing shell metacharacters or command strings.
  • The exploit targets Tuleap version 7.4.99.5; versions before 7.5.99.6 are vulnerable. Correlate version strings in server banners or application headers with this range.
  • The cookie values shown in the exploit (PHPSESSID, TULEAP_session_hash) are from a specific proof-of-concept session and will differ per target; do not treat them as universal static IOCs.
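The detection guidance above, as an added example that is not part of this CVE record (it assumes Apache/nginx combined-format access logs and uses constructed sample lines): flag requests to the Tuleap /svn/ endpoint whose User-Agent carries shell syntax, while tolerating the semicolons that ordinary browser and SVN client User-Agents carry inside their parenthesised platform block.

```python
import re

# Apache/nginx "combined" log format; the User-Agent is the final quoted field.
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Shell constructs that do not belong in a browser or SVN client User-Agent.
SHELL_CONSTRUCT_RE = re.compile(r'\$\(|\$\{|`|\|\||&&|[|<>]')
# ';' is normal inside the platform block, e.g. "(X11; Linux x86_64)", so it is only checked outside those groups.
PAREN_GROUP_RE = re.compile(r'\([^)]*\)')

def ua_shell_token(ua):
    """Return the first shell-looking token in a User-Agent string, or None."""
    m = SHELL_CONSTRUCT_RE.search(ua)
    if m:
        return m.group(0)
    if ';' in PAREN_GROUP_RE.sub('', ua):
        return ';'
    return None

def flag_svn_ua_injection(log_lines):
    """Findings for requests under /svn/ whose User-Agent carries shell syntax."""
    findings = []
    for line in log_lines:
        m = COMBINED_RE.match(line)
        if not m or not m.group('path').startswith('/svn/'):
            continue
        token = ua_shell_token(m.group('ua'))
        if token is not None:
            findings.append({'ts': m.group('ts'), 'ip': m.group('ip'),
                             'path': m.group('path'), 'ua': m.group('ua'), 'token': token})
    return findings

# Constructed sample lines (not from any real incident); IPs are from a documentation range.
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Nov/2014:10:00:01 +0000] "GET /svn/?group_id=102 HTTP/1.1" '
    '200 1234 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0"',
    '203.0.113.7 - - [28/Nov/2014:10:00:09 +0000] "GET /svn/?group_id=102 HTTP/1.1" '
    '200 1234 "-" "Mozilla/5.0; id"',
    '203.0.113.9 - - [28/Nov/2014:10:01:00 +0000] "GET /svn/?group_id=102 HTTP/1.1" '
    '200 1234 "-" "SVN/1.8.10 (x86_64-pc-linux-gnu) serf/1.3.7"',
    '203.0.113.11 - - [28/Nov/2014:10:01:30 +0000] "GET /projects/foo HTTP/1.1" '
    '200 512 "-" "curl/7.38.0 $(id)"',
]

if __name__ == '__main__':
    for f in flag_svn_ua_injection(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['path']} token={f['token']!r} ua={f['ua']!r}")
```

Only the second sample line is reported: the Firefox and SVN client agents pass despite their semicolons, and the fourth line is outside /svn/ and so out of scope for this rule.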