CVE-2013-6765

Name of the Vulnerable Software and Affected Versions OpenVAS Manager versions 3.0 through 3.0.6 OpenVAS Manager versions 4.0 through 4.0.3

Description The issue allows remote attackers to bypass authentication restrictions and execute commands via a crafted request for version information. This is demonstrated by the omp xml handle end element function in omp.c, which causes the state to be set to CLIENT AUTHENTIC.

Recommendations For OpenVAS Manager versions 3.0 through 3.0.6, update to version 3.0.7 to resolve the issue. For OpenVAS Manager versions 4.0 through 4.0.3, update to version 4.0.4 to resolve the issue.