7.5

CVE-2013-4365

Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheMod Fcgid Version < 2.3.9
   ApacheHTTP Server
DebianDebian Linux Version6.0
DebianDebian Linux Version7.0
SuseCloud Version1.0
SuseCloud Version2.0
OpensuseOpensuse Version11.4
OpensuseOpensuse Version12.2
OpensuseOpensuse Version12.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 13.14% 0.959
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00011.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2013-10/msg00055.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2013-10/msg00059.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2013-11/msg00024.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/55197
Third Party Advisory
http://svn.apache.org/viewvc?view=revision&revision=1527362
Patch
Vendor Advisory
http://www.debian.org/security/2013/dsa-2778
Third Party Advisory
http://www.mail-archive.com/dev%40httpd.apache.org/msg58077.html
http://www.securityfocus.com/bid/62939
Third Party Advisory
VDB Entry