CVE-2013-0267: Input Validation
First published: Wed Feb 21 2018(Updated: )
The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scripting (XSS) attacks by leveraging improper data validation.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Virtual Computing Lab | >=2.2<=2.2.2 | |
| Apache Virtual Computing Lab | >=2.3<2.3.2 | |
| Apache Virtual Computing Lab | =2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/apache/vcl/commit/56c0f040056d6ad8693b20cfd3351367c2ffeabc#diff-2567a5ec9705eb7ac2c984033e06189d
- https://lists.apache.org/thread.html/632da9e45fce333f21782f1fe10b1d8e77a63811a34fe8e286dedc99@%3Ccommits.vcl.apache.org%3E
- https://lists.apache.org/thread.html/944592973c91cd106a42095271c3f6c7ab9c8d70077b8c6a8d4d92d0@%3Ccommits.vcl.apache.org%3E
- https://mail-archives.apache.org/mod_mbox/www-announce/201305.mbox/%3C1658214.8zndv4WEi7@treebeard%3E
- https://mail-archives.apache.org/mod_mbox/www-announce/201305.mbox/%3C1658214.8zndv4WEi7%40treebeard%3E
- https://lists.apache.org/thread.html/944592973c91cd106a42095271c3f6c7ab9c8d70077b8c6a8d4d92d0%40%3Ccommits.vcl.apache.org%3E
- https://lists.apache.org/thread.html/632da9e45fce333f21782f1fe10b1d8e77a63811a34fe8e286dedc99%40%3Ccommits.vcl.apache.org%3E
Frequently Asked Questions
What is the severity of CVE-2013-0267?
CVE-2013-0267 has a moderate severity, allowing authenticated users to gain unauthorized privileges.
How do I fix CVE-2013-0267?
To fix CVE-2013-0267, upgrade Apache VCL to version 2.3.2 or higher, or 2.2.2 or higher.
What types of attacks can CVE-2013-0267 facilitate?
CVE-2013-0267 can facilitate privilege escalation, denial of service, and cross-site scripting attacks.
Who is affected by CVE-2013-0267?
Authenticated users with specific roles such as nodeAdmin or resourceGrant permissions in Apache VCL are affected by CVE-2013-0267.
What versions of Apache VCL are vulnerable to CVE-2013-0267?
Versions of Apache VCL prior to 2.3.2, 2.2.2, and 2.1 are vulnerable to CVE-2013-0267.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/apache
- canonical/apache virtual computing lab
- version/apache virtual computing lab/2.2
- version/apache virtual computing lab/2.2.2
- version/apache virtual computing lab/2.3
- version/apache virtual computing lab/2.1