Beanstalkd < 1.4.6 Remote Beanstalkd Command Injection

high Nessus Plugin ID 46884


The remote host has an application that may allow modification of data via a restricted set of commands.


The installed version of Beanstalkd allows injection of Beanstalk commands.

A malicious producer process or client could exploit this issue to inject arbitrary beanstalkd commands via the 'PUT' command, allowing it to view the status of existing jobs or delete jobs from the Beanstalkd queue without co-operation from the consumer process or the client.


Upgrade to version 1.4.6 or later.

Plugin Details

Severity: High

ID: 46884

File Name: beanstalkd_remote_beanstalk_cmd_inject.nasl

Version: 1.10

Type: remote

Family: Misc.

Published: 6/14/2010

Updated: 11/15/2018

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Exploited by Nessus: true

Patch Publication Date: 5/23/2010

Vulnerability Publication Date: 5/23/2010

Reference Information

CVE: CVE-2010-2060

BID: 40516

Secunia: 40032