GIT gitweb git_search Shell Metacharacter Arbitrary Command Execution
High Nessus Plugin ID 53336
Synopsis
The remote web server contains a CGI script that can be abused to execute arbitrary commands.
Description
The remote web server hosts a version of gitweb, a web interface to the open source distributed version control system Git, that does not strip shell metacharacters from user-supplied input to the 'gitweb.cgi' script before passing that input to a shell.
An unauthenticated, remote attacker can leverage this issue to execute arbitrary commands subject to the privileges under which the web server operates.
Solution
Upgrade to version 1.5.6 or later.
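For reviewing web server logs on a host that ran an affected gitweb, the sketch below flags requests to 'gitweb.cgi' whose decoded parameter values contain shell metacharacters. It is an added example, not part of the Nessus plugin or of gitweb. The metacharacter set, the function names, the combined log format and the sample lines (including the `s` search parameter) are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Characters a POSIX shell treats specially. This set is a choice made for the
# example; '$' and '|' also occur in legitimate regex searches, so hits are
# leads for triage, not verdicts.
SHELL_META = set(";|&`$<>\n")

# Request field of a combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return {param: decoded value} for gitweb.cgi parameters that contain
    shell metacharacters once percent-decoded."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return {}
    path, _, query = m.group(1).partition("?")
    if "gitweb.cgi" not in path:
        return {}
    hits = {}
    # gitweb URLs separate parameters with ';' as well as '&'. Split on the raw
    # separators first and decode afterwards, so a literal ';' separator is not
    # mistaken for a metacharacter while an encoded one (%3B) is caught.
    for pair in re.split(r"[;&]", query):
        name, _, raw = pair.partition("=")
        value = unquote_plus(raw)
        if SHELL_META & set(value):
            hits[unquote_plus(name)] = value
    return hits

def scan(lines):
    """Return [(line_number, hits)] for every line with at least one hit."""
    found = []
    for number, line in enumerate(lines, start=1):
        hits = suspicious_params(line)
        if hits:
            found.append((number, hits))
    return found

# Constructed sample lines; addresses come from documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/gitweb.cgi?p=demo.git;a=summary HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/gitweb.cgi?p=demo.git;a=search;s=fix+typo HTTP/1.1" 200 7431',
    '198.51.100.7 - - [01/Jan/2024:10:02:11 +0000] "GET /cgi-bin/gitweb.cgi?p=demo.git;a=search;s=fix%3Bdate HTTP/1.1" 200 612',
    '198.51.100.7 - - [01/Jan/2024:10:02:15 +0000] "GET /cgi-bin/gitweb.cgi?p=demo.git&a=search&s=%60date%60 HTTP/1.1" 200 612',
    '203.0.113.4 - - [01/Jan/2024:10:03:00 +0000] "GET /index.html?q=a%3Bb HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {hits}")
```

The check decodes only one layer of percent-encoding, so double-encoded values such as `%253B` pass through unflagged unless the server-side decoding is mirrored.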