Beanstalkd < 1.4.6 Remote Beanstalkd Command Injection

High Nessus Plugin ID 46884


The remote host has an application that may allow modification of data via a restricted set of commands.


The installed version of Beanstalkd allows injection of Beanstalk commands.

A malicious producer process or client could exploit this issue to inject arbitrary beanstalkd commands via the 'PUT' command, allowing it to view the status of existing jobs or delete jobs from the Beanstalkd queue without the co-operation of the consumer process or the client.


Upgrade to version 1.4.6 or later.

Plugin Details

Severity: High

ID: 46884

File Name: beanstalkd_remote_beanstalk_cmd_inject.nasl

Version: $Revision: 1.8 $

Type: remote

Family: Misc.

Published: 2010/06/14

Modified: 2017/04/27

Dependencies: 46883

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 2010/05/23

Vulnerability Publication Date: 2010/05/23

Reference Information

CVE: CVE-2010-2060

BID: 40516

OSVDB: 65113

Secunia: 40032