| Short Name | HTTP:MISC:FOREMAN-BOOKMARKS-RCE |
|---|---|
| Severity | Major |
| Recommended | No |
| Recommended Action | Drop |
| Category | HTTP |
| Keywords | Foreman bookmarks_controller.rb Remote Code Execution |
| Release Date | 2017/10/10 |
| Update Number | 2997 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects attempts to exploit a known vulnerability against Foreman. Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the user running the application.

Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.