Vulnerability CVE-2015-7545

Vulnerability Name:

CVE-2015-7545 (CCN-109417)

Assigned:

2015-10-05

Published:

2015-10-05

Updated:

2018-10-30

Summary:

The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.

CVSS v3 Severity:

9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

6.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
5.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-284
CWE-20
CWE-77

Vulnerability Consequences:

Gain Access

References:

Vulnerable Configuration:

Configuration 1:

cpe:/a:git_project:git:*:*:*:*:*:*:*:* (Version <= 2.3.9)

OR cpe:/a:git_project:git:2.4.0:*:*:*:*:*:*:*

OR cpe:/a:git_project:git:2.4.1:*:*:*:*:*:*:*

OR cpe:/a:git_project:git:2.4.2:*:*:*:*:*:*:*

OR cpe:/a:git_project:git:2.4.3:*:*:*:*:*:*:*

OR cpe:/a:git_project:git:2.4.4:*:*:*:*:*:*:*

OR cpe:/a:git_project:git:2.4.5:*:*:*:*:*:*:*

OR cpe:/a:git_project:git:2.4.6:*:*:*:*:*:*:*

OR cpe:/a:git_project:git:2.4.7:*:*:*:*:*:*:*

OR cpe:/a:git_project:git:2.4.8:*:*:*:*:*:*:*

OR cpe:/a:git_project:git:2.4.9:*:*:*:*:*:*:*

OR cpe:/a:git_project:git:2.5.0:*:*:*:*:*:*:*

OR cpe:/a:git_project:git:2.5.1:*:*:*:*:*:*:*

OR cpe:/a:git_project:git:2.5.2:*:*:*:*:*:*:*

OR cpe:/a:git_project:git:2.5.3:*:*:*:*:*:*:*

OR cpe:/a:git_project:git:2.6.0:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:redhat:software_collections:1.0:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

OR cpe:/o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

OR cpe:/o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20157545	V	CVE-2015-7545	2023-06-22
oval:org.opensuse.security:def:7718	P	mercurial-5.9.1-150400.1.8 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:3124	P	libFLAC++6-1.3.0-11.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94754	P	mercurial-5.9.1-150400.1.8 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:42387	P	Security update for libslirp (Important)	2022-05-18
oval:org.opensuse.security:def:42432	P	Security update for libeconf, shadow and util-linux (Moderate)	2022-04-19
oval:org.opensuse.security:def:1305	P	Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP3) (Important)	2022-04-14
oval:org.opensuse.security:def:853	P	Security update for xz (Important)	2022-04-12
oval:org.opensuse.security:def:112979	P	mercurial-4.0-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:952	P	Security update for python39-pip (Moderate)	2022-01-12
oval:org.opensuse.security:def:41508	P	Security update for libsndfile (Important)	2022-01-05
oval:org.opensuse.security:def:64594	P	Security update for python-Pygments (Important)	2021-10-20
oval:org.opensuse.security:def:41161	P	Security update for MozillaFirefox (Important)	2021-10-01
oval:org.opensuse.security:def:106426	P	mercurial-4.0-1.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:55252	P	Security update for libqt5-qtbase (Important)	2021-09-30
oval:org.opensuse.security:def:56075	P	Security update for libqt5-qtbase (Important)	2021-09-30
oval:org.opensuse.security:def:71268	P	libjbig-devel-2.1-1.31 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:71381	P	python3-pycrypto-2.6.1-1.28 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:47473	P	powerpc-utils-1.3.3-5.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47802	P	libvdpau1-1.1.1-6.73 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48026	P	gnutls-3.3.27-3.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47375	P	libmms0-0.6.2-15.8 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47510	P	syslog-service-2.0-778.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47835	P	openssh-7.2p2-74.25.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48075	P	libXext6-1.3.2-4.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47474	P	ppc64-diag-2.7.3-1.17 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47609	P	fontconfig-2.11.1-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47934	P	zoo-2.10-1020.56 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48174	P	libpng16-16-1.6.8-14.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47389	P	libpango-1_0-0-1.40.1-9.5 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:55230	P	Security update for libcares2 (Important)	2021-08-16
oval:org.opensuse.security:def:47374	P	libmicrohttpd10-0.9.30-5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47703	P	libevent-2_0-5-2.0.21-6.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47927	P	xorg-x11-libs-7.6-45.14 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48289	P	python-urllib3-1.22-3.17.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47488	P	quagga-0.99.22.1-15.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:55229	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:68028	P	Security update for the Linux Kernel (Live Patch 16 for SLE 15 SP1) (Important)	2021-07-27
oval:org.opensuse.security:def:1773	P	Security update for MozillaThunderbird (Important)	2021-07-22
oval:org.opensuse.security:def:1473	P	Security update for gupnp (Important)	2021-06-24
oval:org.opensuse.security:def:16519	P	libical-devel-1.0.1-16.3.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17003	P	gcc48-gij-32bit-4.8.3+r212056-6.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17094	P	argyllcms-1.6.3-3.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:20264	P	Security update for the Linux Kernel (Important)	2021-06-08
oval:org.opensuse.security:def:16638	P	ppp-devel-2.4.7-3.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48534	P	libpng12-0-1.2.50-13.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:62862	P	mercurial-4.5.2-1.19 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48388	P	cpio-2.11-29.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48630	P	sysconfig-0.84.0-13.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16618	P	mpfr-devel-3.1.2-7.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48500	P	libgypsy0-0.9-6.22 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:55909	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:48373	P	augeas-1.2.0-10.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48602	P	ppp-2.4.7-1.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17072	P	libproxy1-networkmanager-32bit-0.4.11-11.6 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16511	P	libgit2-24-0.24.1-7.6.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16553	P	libotr-devel-4.0.0-9.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48599	P	perl-XML-LibXML-2.0019-5.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48472	P	libXrender1-0.9.8-3.55 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48701	P	pidgin-otr-4.0.0-6.18 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16995	P	bogofilter-1.2.4-3.56 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16610	P	libzmq3-4.0.4-14.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16652	P	sane-backends-devel-1.0.24-3.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48435	P	gpgme-1.5.1-1.11 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:72581	P	mercurial-4.5.2-1.19 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48531	P	libotr5-4.0.0-9.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17060	P	lcms-1.19-17.31 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:64681	P	Security update for p7zip (Moderate)	2021-05-04
oval:org.opensuse.security:def:40877	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:19607	P	Security update for hawk2 (Critical)	2021-01-22
oval:org.opensuse.security:def:19564	P	Security update for hawk2 (Critical)	2021-01-22
oval:org.opensuse.security:def:19576	P	Security update for hawk2 (Important)	2021-01-12
oval:org.opensuse.security:def:41230	P	Security update for clamav (Moderate)	2021-01-05
oval:org.opensuse.security:def:16726	P	freeradius-server-devel-3.0.19-1.48 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16872	P	libpoppler44-0.24.4-14.13.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16973	P	sqlite3-devel-3.8.10.2-9.12.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16737	P	giflib-devel-5.0.5-12.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16825	P	libicu-devel-52.1-8.7.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16971	P	soundtouch-1.7.1-5.11.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16695	P	bash-devel-4.3-83.23.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16762	P	krb5-devel-1.12.5-40.37.7 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16961	P	rhythmbox-3.4-6.14 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16904	P	libudev-devel-228-155.21 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16794	P	libass-devel-0.10.2-3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16861	P	libotr-devel-4.0.0-9.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:19473	P	Security update for libxml2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:18471	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:41332	P	Security update for openldap2 (Important)	2020-12-01
oval:org.opensuse.security:def:41669	P	Security update for libarchive (Moderate)	2020-12-01
oval:org.opensuse.security:def:49860	P	perl-YAML-LibYAML on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:18514	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:40177	P	Security update for Linux Kernel Live Patch 13 for SLE 12 SP1 (Important)	2020-12-01
oval:org.opensuse.security:def:41572	P	Security update for shim (Moderate)	2020-12-01
oval:org.opensuse.security:def:41749	P	Security update for busybox (Moderate)	2020-12-01
oval:org.opensuse.security:def:18658	P	Recommended update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:49914	P	mercurial on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:40165	P	Security update for emacs (Important)	2020-12-01
oval:org.opensuse.security:def:40421	P	Security update for openssh (Important)	2020-12-01
oval:org.opensuse.security:def:17659	P	Recommended update for git (Moderate)	2020-12-01
oval:org.opensuse.security:def:18730	P	Recommended update for LibreOffice (Low)	2020-12-01
oval:org.opensuse.security:def:18933	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:41756	P	Security update for jasper (Moderate)	2020-12-01
oval:org.opensuse.security:def:40599	P	Security update for libqt5-qtbase (Important)	2020-12-01
oval:org.opensuse.security:def:40993	P	Security update for kernel-firmware (Important)	2020-12-01
oval:org.opensuse.security:def:18875	P	Security update for ntfs-3g_ntfsprogs (Low)	2020-12-01
oval:org.opensuse.security:def:18969	P	Security update for avahi (Moderate)	2020-12-01
oval:org.opensuse.security:def:55630	P	Recommended update for libksba (Moderate)	2020-12-01
oval:org.opensuse.security:def:41067	P	Security update for perl (Important)	2020-12-01
oval:org.opensuse.security:def:41801	P	Recommended update for git (Moderate)	2020-12-01
oval:org.opensuse.security:def:19102	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:19145	P	Security update for texlive (Moderate)	2020-12-01
oval:org.opensuse.security:def:56560	P	Security update for libtirpc (Important)	2020-12-01
oval:org.opensuse.security:def:20238	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12) (Important)	2020-12-01
oval:org.opensuse.security:def:40808	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:19289	P	Security update for php7 (Moderate)	2020-12-01
oval:org.opensuse.security:def:56360	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:56672	P	Security update for openssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:40796	P	Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:41052	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:17758	P	Recommended update for git (Moderate)	2020-12-01
oval:org.opensuse.security:def:19361	P	Security update for wavpack (Moderate)	2020-12-01
oval:org.opensuse.security:def:41624	P	Security update for docker, sle2docker, go (Moderate)	2020-12-01
oval:org.opensuse.security:def:17633	P	Security update for MozillaFirefox, mozilla-nspr (Important)	2020-12-01
oval:org.opensuse.security:def:18479	P	Security update for opensaml (Important)	2020-12-01
oval:org.opensuse.security:def:19506	P	Security update for webkitgtk (Moderate)	2020-12-01
oval:org.opensuse.security:def:19600	P	Security update for MozillaFirefox, mozilla-nspr (Important)	2020-12-01
oval:org.opensuse.security:def:40166	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:41698	P	Security update for docker (Moderate)	2020-12-01
oval:org.opensuse.security:def:18600	P	Security update for postgresql10 (Moderate)	2020-12-01
oval:org.opensuse.security:def:67928	P	libplist++-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:40269	P	Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:18692	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:40530	P	Security update for systemd (Important)	2020-12-01
oval:org.opensuse.security:def:18842	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:18945	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:19633	P	Recommended update for git (Moderate)	2020-12-01
oval:org.opensuse.security:def:55392	P	sysconfig on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:40701	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:41038	P	Security update for openldap2 (Important)	2020-12-01
oval:org.opensuse.security:def:49692	P	librsvg-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17732	P	Security update for wireshark (Low)	2020-12-01
oval:org.opensuse.security:def:19110	P	Security update for soundtouch (Moderate)	2020-12-01
oval:org.opensuse.security:def:55803	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:40941	P	Security update for nfs-utils (Moderate)	2020-12-01
oval:org.opensuse.security:def:41118	P	Security update for squid (Critical)	2020-12-01
oval:org.opensuse.security:def:40797	P	Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:49746	P	mercurial on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:19231	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:56634	P	Security update for ntp (Moderate)	2020-12-01
oval:org.opensuse.security:def:40900	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:19323	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:56468	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:56753	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:com.ubuntu.precise:def:20157545000	V	CVE-2015-7545 on Ubuntu 12.04 LTS (precise) - medium.	2016-04-13
oval:com.ubuntu.trusty:def:20157545000	V	CVE-2015-7545 on Ubuntu 14.04 LTS (trusty) - medium.	2016-04-13
oval:org.cisecurity:def:360	P	DSA-3435-1 -- git -- security update	2016-02-26
oval:com.redhat.rhsa:def:20152561	P	RHSA-2015:2561: git security update (Moderate)	2015-12-08

BACK