CVE-2013-0267

{"id": "CVE-2013-0267", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2018-02-21T15:29:00.213", "references": [{"url": "https://github.com/apache/vcl/commit/56c0f040056d6ad8693b20cfd3351367c2ffeabc#diff-2567a5ec9705eb7ac2c984033e06189d", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/632da9e45fce333f21782f1fe10b1d8e77a63811a34fe8e286dedc99%40%3Ccommits.vcl.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/944592973c91cd106a42095271c3f6c7ab9c8d70077b8c6a8d4d92d0%40%3Ccommits.vcl.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://mail-archives.apache.org/mod_mbox/www-announce/201305.mbox/%3C1658214.8zndv4WEi7%40treebeard%3E", "source": "secalert@redhat.com"}, {"url": "https://github.com/apache/vcl/commit/56c0f040056d6ad8693b20cfd3351367c2ffeabc#diff-2567a5ec9705eb7ac2c984033e06189d", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/632da9e45fce333f21782f1fe10b1d8e77a63811a34fe8e286dedc99%40%3Ccommits.vcl.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/944592973c91cd106a42095271c3f6c7ab9c8d70077b8c6a8d4d92d0%40%3Ccommits.vcl.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://mail-archives.apache.org/mod_mbox/www-announce/201305.mbox/%3C1658214.8zndv4WEi7%40treebeard%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scripting (XSS) attacks by leveraging improper data validation."}, {"lang": "es", "value": "La porci\u00f3n privilegios de la interfaz gr\u00e1fica de usuario web y la API XMLRPC en Apache VCL, en versiones 2.3.x anteriores a la 2.3.2, versiones 2.2.x anteriores a la 2.2.2 y versiones 2.1, permite que usuarios autenticados remotos con permisos nodeAdmin, manageGroup, resourceGrant o userGrant obtengan privilegios, provoquen una denegaci\u00f3n de servicio (DoS) o lleven a cabo ataques de Cross-Site Scripting (XSS) aprovechando la validaci\u00f3n indebida de datos."}], "lastModified": "2024-11-21T01:47:11.697", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:vcl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB0FF70A-CED7-4AA5-AD53-2C7C93944D4F", "versionEndIncluding": "2.2.2", "versionStartIncluding": "2.2"}, {"criteria": "cpe:2.3:a:apache:vcl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "347CC889-100F-468C-A71A-9937441C68FF", "versionEndExcluding": "2.3.2", "versionStartIncluding": "2.3"}, {"criteria": "cpe:2.3:a:apache:vcl:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50E6A212-B4AE-4FE4-81BE-B6EA6C9C7F23"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}