Overview
OPeNDAP server version 3 contains a vulnerability that allows an attacker to execute comands on the server.
Description
From the OPenNDAP website: OPeNDAP provides software which makes local data accessible to remote locations regardless of local storage format. OPeNDAP also provides tools for transforming existing applications into OPeNDAP clients (i.e., enabling them to remotely access OPeNDAP served data). |
Impact
A remote, unauthenticated attacker may be able to execute arbitrary commands. |
Solution
Apply a patch |
|
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
References
Acknowledgements
Thanks to the OPeNDAP team for information used in this report.
This document was written by Ryan Giobbi.
Other Information
CVE IDs: | None |
Severity Metric: | 2.16 |
Date Public: | 2007-05-14 |
Date First Published: | 2007-04-30 |
Date Last Updated: | 2007-05-18 19:43 UTC |
Document Revision: | 18 |