luci is vulnerable to remote code execution (RCE) attacks. The vulnerability exists through an eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration.
rhn.redhat.com/errata/RHSA-2014-1390.html
access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.6_Technical_Notes/luci.html#RHSA-2014-1390
access.redhat.com/errata/RHSA-2014:1390
access.redhat.com/security/cve/CVE-2014-3593
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1026374
bugzilla.redhat.com/show_bug.cgi?id=1100817
bugzilla.redhat.com/show_bug.cgi?id=1117398
bugzilla.redhat.com/show_bug.cgi?id=855112
bugzilla.redhat.com/show_bug.cgi?id=982771
bugzilla.redhat.com/show_bug.cgi?id=989005
rhn.redhat.com/errata/RHSA-2014-1390.html