CVE-2013-7239

memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials.

CVSS v2.0 4.8 MEDIUM

4.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 6.5 / Impact : 4.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://code.google.com/p/memcached/wiki/ReleaseNotes1417	Patch
http://secunia.com/advisories/56183	Vendor Advisory
http://seclists.org/oss-sec/2013/q4/572
http://www.debian.org/security/2014/dsa-2832
http://www.ubuntu.com/usn/USN-2080-1
http://www.securityfocus.com/bid/64559

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:memcached:memcached:1.4.0:::::::*
	cpe:2.3:a:memcached:memcached:1.4.15:::::::*
	cpe:2.3:a:memcached:memcached::::::::
	cpe:2.3:a:memcached:memcached:1.4.9:::::::*
	cpe:2.3:a:memcached:memcached:1.4.13:::::::*
	cpe:2.3:a:memcached:memcached:1.4.14:::::::*
	cpe:2.3:a:memcached:memcached:1.4.7:::::::*
	cpe:2.3:a:memcached:memcached:1.4.8:::::::*
	cpe:2.3:a:memcached:memcached:1.4.11:::::::*
	cpe:2.3:a:memcached:memcached:1.4.12:::::::*
	cpe:2.3:a:memcached:memcached:1.4.5:::::::*
	cpe:2.3:a:memcached:memcached:1.4.2:::::::*
	cpe:2.3:a:memcached:memcached:1.4.6:::::::*
	cpe:2.3:a:memcached:memcached:1.4.10:::::::*
	cpe:2.3:a:memcached:memcached:1.4.4:::::::*
	cpe:2.3:a:memcached:memcached:1.4.3:::::::*
	cpe:2.3:a:memcached:memcached:1.4.1:::::::*

Information

Published : 2014-01-13 13:55

Updated : 2018-03-24 18:29

NVD link : CVE-2013-7239

Mitre link : CVE-2013-7239

JSON object : View

CWE

CWE-287

Improper Authentication

Advertisement

Products Affected

memcached

memcached

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://code.google.com/p/memcached/wiki/ReleaseNotes1417", "name": "https://code.google.com/p/memcached/wiki/ReleaseNotes1417", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/56183", "name": "56183", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://seclists.org/oss-sec/2013/q4/572", "name": "[oss-security] 20131230 Re: CVE Request: SASL authentication allows wrong credentials to access memcache", "tags": [], "refsource": "MLIST"}, {"url": "http://www.debian.org/security/2014/dsa-2832", "name": "DSA-2832", "tags": [], "refsource": "DEBIAN"}, {"url": "http://www.ubuntu.com/usn/USN-2080-1", "name": "USN-2080-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://www.securityfocus.com/bid/64559", "name": "64559", "tags": [], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-287"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-7239", "ASSIGNER": "security@debian.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.8, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-01-13T21:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:memcached:memcached:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:memcached:memcached:1.4.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.4.16"}, {"cpe23Uri": "cpe:2.3:a:memcached:memcached:1.4.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:memcached:memcached:1.4.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:memcached:memcached:1.4.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:memcached:memcached:1.4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:memcached:memcached:1.4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:memcached:memcached:1.4.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:memcached:memcached:1.4.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:memcached:memcached:1.4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:memcached:memcached:1.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:memcached:memcached:1.4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:memcached:memcached:1.4.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:memcached:memcached:1.4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:memcached:memcached:1.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:memcached:memcached:1.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-03-25T01:29Z"}