CVE-2014-0468

Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that 
the users would have uploaded in their raw SCM repositories (SVN, Git, 
Bzr...). This issue affects fusionforge: before 5.3+20140506.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
debianCNA
---
---
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
fusionforge
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
dne
trusty
dne
precise
ignored
References
http://lists.fusionforge.org/pipermail/fusionforge-general/2014-March/002645.html
https://web.archive.org/web/20151019035734/http://lists.fusionforge.org/pipermail/fusionforge-general/2014-March/002645.html