Apache VCL improper input validation

2013.05.07
Credit: Josh Thompson
Risk: Medium
Local: Yes
Remote: No
CWE: CWE-264


Ogólna skala CVSS: 6.5/10
Znaczenie: 6.4/10
Łatwość wykorzystania: 8/10
Wymagany dostęp: Zdalny
Złożoność ataku: Niska
Autoryzacja: Jednorazowa
Wpływ na poufność: Częściowy
Wpływ na integralność: Częściowy
Wpływ na dostępność: Częściowy

CVE-2013-0267: Apache VCL improper input validation Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache VCL 2.1, 2.2, 2.2.1, 2.3, 2.3.1 Description: Some parts of VCL did not properly validate input data. This problem was present both in the Privileges portion of the web GUI and in the XMLRPC API. A malicious user having a minimal level of administrative rights could manipulate the data submitted by the web GUI or submit non-standard data to the API to gain additional administrative rights. The API functions that are vulnerable were introduced in 2.3.1. Some of those API functions can also be exploited to perform a DOS attack on the site to remove access from other users and to perform an XSS attack to gain elevated privileges. The vulnerabilities were found by an Apache VCL developer doing a code review. No know exploits are in the wild at this point. Fixed Versions: Apache VCL 2.2.2, 2.3.2 Mitigation: Apache VCL 2.3 and 2.3.1 users should upgrade to 2.3.2 as soon as possible. Apache VCL 2.2 and 2.2.1 users should upgrade to 2.2.2 as soon as possible. Apache VCL 2.1 users should upgrade to 2.2.2 or 2.3.2 as soon as possible. Apache VCL 2.2.2 and 2.3.2 can be downloaded from http://vcl.apache.org/downloads/download.cgi Workarounds: There are no complete workarounds. However, users must have at least nodeAdmin, manageGroup, resourceGrant, or userGrant to exploit the vulnerabilities. Removing that access from anyone that is not fully trusted will minimized chances of an exploit against your site. Josh Thompson Apache VCL release manager

Referencje:

http://vcl.apache.org/downloads/download.cgi


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top