4.8

CVE-2013-7239

memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MemcachedMemcached Version <= 1.4.16
MemcachedMemcached Version1.4.0
MemcachedMemcached Version1.4.1
MemcachedMemcached Version1.4.2
MemcachedMemcached Version1.4.3
MemcachedMemcached Version1.4.4
MemcachedMemcached Version1.4.5
MemcachedMemcached Version1.4.6
MemcachedMemcached Version1.4.7
MemcachedMemcached Version1.4.8
MemcachedMemcached Version1.4.9
MemcachedMemcached Version1.4.10
MemcachedMemcached Version1.4.11
MemcachedMemcached Version1.4.12
MemcachedMemcached Version1.4.13
MemcachedMemcached Version1.4.14
MemcachedMemcached Version1.4.15
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.18% 0.636
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.8 6.5 4.9
AV:A/AC:L/Au:N/C:P/I:P/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://secunia.com/advisories/56183
Vendor Advisory
http://www.debian.org/security/2014/dsa-2832
http://www.ubuntu.com/usn/USN-2080-1
https://code.google.com/p/memcached/wiki/ReleaseNotes1417
Patch
http://seclists.org/oss-sec/2013/q4/572
http://www.securityfocus.com/bid/64559