CVE-2017-11610 PUBLISHED

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.

Risk Scores

EPSS Score
94.24%
99.9th percentile

Affected Products

Vendor            Product     Versions
Ubuntu:16.04:LTS  supervisor  0, 3.0r1-1, 3.1.3-1
Ubuntu:14.04:LTS  supervisor  0, 3.0b2-1

Timeline

  • Jan 19, 1970 VulnCheck XDB Entry
  • Jan 19, 1970 VulnCheck XDB Entry
  • Aug 23, 2017 CVE Published
  • Sep 25, 2017 PoC Published
  • Sep 25, 2017 PoC Published
  • May 29, 2018 PoC Published
  • Oct 9, 2020 PoC Published
  • Apr 8, 2021 VulnCheck KEV Exploitation
  • Apr 14, 2021 EPSS Score
  • Apr 22, 2021 VulnCheck KEV Exploitation
  • Apr 24, 2021 VulnCheck KEV Exploitation
  • Jun 23, 2021 EPSS Score