PT-2014-3139 · Piranha

Othman Madjoudj · Published 2014-02-13 · Updated 2014-02-18 · CVE-2013-6492

CVSS v2.0: 5.8 (Medium)

Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Piranha version 0.8.6

Description

The issue concerns the Piranha Configuration Tool, which fails to properly restrict access to webpages. This allows remote attackers to bypass authentication and potentially read or modify the LVS configuration by sending an HTTP POST request.

Recommendations

For Piranha version 0.8.6, consider restricting access to the Piranha Configuration Tool to minimize the risk of exploitation until a patch is available.


Related Identifiers

CESA-2014_0175
CVE-2013-6492
RHSA-2014:0174
RHSA-2014:0175
RHSA-2014_0174
RHSA-2014_0175

Affected Products

CentOS
Piranha
Red Hat