CVE-2014-4507
20.06.2014, 14:55
Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the dst parameter to tftp/fetch_boot_file.
| Vendor | Product | Version |
|---|---|---|
| theforeman | foreman | 𝑥 ≤ 1.4.4 |
| theforeman | foreman | 1.4.0 |
| theforeman | foreman | 1.4.1 |
| theforeman | foreman | 1.4.2 |
| theforeman | foreman | 1.4.3 |
| theforeman | foreman | 1.5.0 |
𝑥
= Vulnerable software versions