SecuritySpace - CVE-2014-4967

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2014-4967

Description: Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2014-4967
http://www.ocert.org/advisories/ocert-2014-004.html

CVE ID:	CVE-2014-4967
Description:	Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2014-4967 http://www.ocert.org/advisories/ocert-2014-004.html