CVE-2015-0859

EPSS 2.8%

smokeping - security update

Published: 12/3/2015Modified: 3/9/2026

Also known as:DSA-3405-1DEBIAN-CVE-2015-0859

Description

The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments.

Affected packages (2)

Debian/smokepingfrom 0, < 2.6.11-2
Debian/smokepingfrom 0, < 2.6.8-2+deb7u1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-0859