HTTP: Gitlist Metacharacters In File Name URI Request Remote Command Execution

This signature detects attempts to exploit a known vulnerability in Gitlist. A successful exploit can lead to remote command execution.

Extended Description

Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/.

Affected Products

Gitlist gitlist

References

CVE: CVE-2014-4511

Short Name: HTTP:MISC:GITLIST-URI-REQ-CE
Severity: Minor
Recommended: False
Recommended Action: None
Category: HTTP
Keywords: CVE-2014-4511 Command Execution File Gitlist In Metacharacters Name Remote Request URI
Release Date: 06/12/2015

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3650
False Positive: Rarely

Vendors

Gitlist

CVSS Score

7.5
