PT-2018-4065 · Apache · Apache VCL
Published: 2018-02-21 · Updated: 2019-07-29 · CVE-2013-0267
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Apache VCL versions 2.1, 2.2.x through 2.2.1, 2.3.x through 2.3.1
Description
The issue allows remote authenticated users with certain permissions to gain privileges, cause a denial of service, or conduct cross-site scripting (XSS) attacks. This is due to improper data validation in the Privileges portion of the web GUI and the XMLRPC API.
Recommendations
For Apache VCL version 2.1, update to version 2.2.2 or later.
For Apache VCL versions 2.2.x through 2.2.1, update to version 2.2.2 or later.
For Apache VCL versions 2.3.x through 2.3.1, update to version 2.3.2 or later.
Fix
RCE
Related Identifiers
Affected Products
Apache VCL