CVE-2017-8994
Published 2017-10-10
CVE-2017-8994: An input validation vulnerability in HPE Operations Orchestration product, all versions prior to 10.80, allows for the execution of code remotely.
Priority: P260 · critical · 9.8 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 9.84% (95.0th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | operations_orchestration | <= 10.70 | — |
| micro_focus | hpe_operations_orchestration | — | — |
| php5 | php5 | >= 0 < 5.5.9+dfsg-1ubuntu4.22 | 5.5.9+dfsg-1ubuntu4.22 |
CVSS provenance
nvd · v3.0 · 9.8 · CRITICAL · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 7.5 · HIGH
GHSA
GHSA-vr6q-6hw7-2592
ghsa_unreviewed · 2022-05-17
CVE-2017-8994 [CRITICAL] CWE-20
An input validation vulnerability in HPE Operations Orchestration product, all versions prior to 10.80, allows for the execution of code remotely.
OSV
php5, php7.0 vulnerabilities
osv·2017-08-10·CVSS 7.5
CVE-2015-8994 php5, php7.0 vulnerabilities
It was discovered that the PHP opcache created keys for files it cached
based on their filepath. A local attacker could possibly use this issue in
a shared hosting environment to obtain sensitive information. This issue
only affected Ubuntu 14.04 LTS. (CVE-2015-8994)

It was discovered that the PHP URL parser incorrectly handled certain URI
components. A remote attacker could possibly use this issue to bypass
hostname-specific URL checks. This issue only affected Ubuntu 14.04 LTS.
(CVE-2016-10397)

It was discovered that PHP incorrectly handled certain boolean parameters
when unserializing data. A remote attacker could possibly use this issue to
cause PHP to crash, resulting in a denial of service. This issue only
affected Ubuntu 14.04 LTS. (CVE-2017-11143)
No detection rules found.
No public exploits indexed.
http://www.securityfocus.com/bid/100588
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03767en_us
https://www.tenable.com/security/research/tra-2017-25
https://www.tenable.com/security/research/tra-2017-28
Published: 2017-10-10