Vulnerability Note VU#857153
OPeNDAP code execution vulnerability
OPeNDAP server version 3 contains a vulnerability that allows an attacker to execute comands on the server.
From the OPenNDAP website:
OPeNDAP provides software which makes local data accessible to remote locations regardless of local storage format. OPeNDAP also provides tools for transforming existing applications into OPeNDAP clients (i.e., enabling them to remotely access OPeNDAP served data).
A remote, unauthenticated attacker may be able to execute arbitrary commands.
Apply a patch
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|OPeNDAP, Inc.||Affected||-||30 Apr 2007|
CVSS Metrics (Learn More)
Thanks to the OPeNDAP team for information used in this report.
This document was written by Ryan Giobbi.
- CVE IDs: Unknown
- Date Public: 14 May 2007
- Date First Published: 30 Apr 2007
- Date Last Updated: 18 May 2007
- Severity Metric: 2.16
- Document Revision: 18
If you have feedback, comments, or additional information about this vulnerability, please send us email.