Description
The Piranha Configuration Tool in Piranha 0.8.6 does not properly restrict access to webpages, which allows remote attackers to bypass authentication and read or modify the LVS configuration via an HTTP POST request.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Andreas Schiermeier · textremotelinux
https://www.exploit-db.com/exploits/39097
References (4)
Core 4
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0175.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0174.html
Various Sources x_refsource_confirm
http://bugs.centos.org/view.php?id=6825
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1043040
Scores
EPSS
0.0275
EPSS Percentile
86.1%
Details
CWE
CWE-264
Status
published
Products (1)
ryan_ohara/piranha
0.8.6
Published
Feb 14, 2014
Tracked Since
Feb 18, 2026