| Field | Value |
|---|---|
| Short Name | HTTP:MISC:GIT-SUBMODULE-RCE |
| Severity | Major |
| Recommended | No |
| Recommended Action | Drop |
| Category | HTTP |
| Keywords | GIT Submodules Remote Code Execution |
| Release Date | 2019/09/26 |
| Update Number | 3212 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: GIT Submodules Remote Code Execution
This signature detects attempts to exploit a known vulnerability in Git. A successful attack can lead to remote code execution.
Extended Description
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
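
The condition described above can be checked on the defender's side. The following is an added example, not part of the original signature page or the signature's own logic: it flags `.gitmodules` URL fields that begin with '-' and tests an installed Git version against the fixed releases listed above. The function names and the sample file are constructed for illustration, and the parser assumes the simple section and `key = value` form of `.gitmodules`.

```python
import re

# Fixed release per 2.x branch, taken from the description above.
FIXED_PATCH = {14: 5, 15: 3, 16: 5, 17: 2, 18: 1, 19: 1}
SECTION = re.compile(r'^\s*\[submodule\s+"((?:[^"\\]|\\.)*)"\]\s*$')
KEYVAL = re.compile(r'^\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.*?)\s*$')

def git_version_affected(version):
    """True if an 'X.Y.Z' Git version falls in the ranges listed above."""
    major, minor, patch = (int(p) for p in version.split(".")[:3])
    if (major, minor) < (2, 14):
        return True
    return major == 2 and patch < FIXED_PATCH.get(minor, 0)

def parse_gitmodules(text):
    """Return {submodule name: {key: value}} for .gitmodules content."""
    modules, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip()[0] in "#;":
            continue  # skip blank lines and comments
        section = SECTION.match(line)
        if section:
            current = modules.setdefault(section.group(1), {})
            continue
        keyval = KEYVAL.match(line)
        if keyval and current is not None:
            value = keyval.group(2)
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]  # strip surrounding quotes
            current[keyval.group(1).lower()] = value
    return modules

def dash_urls(text):
    """List (submodule, url) pairs whose URL begins with '-'."""
    return [(name, f["url"]) for name, f in parse_gitmodules(text).items()
            if f.get("url", "").startswith("-")]

# Constructed sample input; the names and URLs are placeholders.
SAMPLE = '''[submodule "docs"]
\tpath = docs
\turl = https://git.example.com/docs.git
[submodule "vendor/lib"]
\tpath = vendor/lib
\turl = "-constructed-leading-dash-value"
'''

if __name__ == "__main__":
    for name, url in dash_urls(SAMPLE):
        print(f"submodule {name!r}: url {url!r} begins with '-'")
```

Running the check on a superproject's `.gitmodules` before a recursive clone, for example in a CI pre-fetch step, covers hosts that have not yet been upgraded to a fixed Git release.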
Affected Products
- Canonical ubuntu_linux 14.04
- Canonical ubuntu_linux 16.04
- Canonical ubuntu_linux 18.04
- Debian debian_linux 9.0
- Git-scm git 2.14.0
- Git-scm git 2.14.1
- Git-scm git 2.14.2
- Git-scm git 2.14.3
- Git-scm git 2.14.4
- Git-scm git 2.15.0
- Git-scm git 2.15.1
- Git-scm git 2.15.2
- Git-scm git 2.16.0
- Git-scm git 2.16.1
- Git-scm git 2.16.2
- Git-scm git 2.16.3
- Git-scm git 2.16.4
- Git-scm git 2.17.0
- Git-scm git 2.17.1
- Git-scm git 2.18.0
- Git-scm git 2.19.0
- Redhat ansible_tower 3.3
- Redhat enterprise_linux 6.0
- Redhat enterprise_linux 6.7
- Redhat enterprise_linux 7.0
- Redhat enterprise_linux 7.3
- Redhat enterprise_linux 7.4
- Redhat enterprise_linux 7.5
- Redhat enterprise_linux 7.6
- Redhat enterprise_linux_desktop 7.0
- Redhat enterprise_linux_server 7.0
- Redhat enterprise_linux_server_aus 7.6
- Redhat enterprise_linux_server_eus 7.6
- Redhat enterprise_linux_server_tus 7.6
- Redhat enterprise_linux_workstation 7.0