CVE-2013-5663
First published: Sat Aug 31 2013(Updated: )
The App-ID cache feature in Palo Alto Networks PAN-OS before 4.0.14, 4.1.x before 4.1.11, and 5.0.x before 5.0.2 allows remote attackers to bypass intended security policies via crafted requests that trigger invalid caching, as demonstrated by incorrect identification of HTTP traffic as SIP traffic, aka Ref ID 47195.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Palo Alto Networks PAN-OS | <=4.0.8 | |
| Palo Alto Networks PAN-OS | =4.0.0 | |
| Palo Alto Networks PAN-OS | =4.0.1 | |
| Palo Alto Networks PAN-OS | =4.0.2 | |
| Palo Alto Networks PAN-OS | =4.0.3 | |
| Palo Alto Networks PAN-OS | =4.0.4 | |
| Palo Alto Networks PAN-OS | =4.0.5 | |
| Palo Alto Networks PAN-OS | =4.0.6 | |
| Palo Alto Networks PAN-OS | =4.0.7 | |
| Palo Alto Networks PAN-OS | =4.1.0 | |
| Palo Alto Networks PAN-OS | =4.1.1 | |
| Palo Alto Networks PAN-OS | =4.1.2 | |
| Palo Alto Networks PAN-OS | =4.1.3 | |
| Palo Alto Networks PAN-OS | =4.1.4 | |
| Palo Alto Networks PAN-OS | =4.1.5 | |
| Palo Alto Networks PAN-OS | =4.1.6 | |
| Palo Alto Networks PAN-OS | =4.1.7 | |
| Palo Alto Networks PAN-OS | =4.1.8 | |
| Palo Alto Networks PAN-OS | =4.1.8-h3 | |
| Palo Alto Networks PAN-OS | =4.1.9 | |
| Palo Alto Networks PAN-OS | =4.1.10 | |
| Palo Alto Networks PAN-OS | =5.0.0 | |
| Palo Alto Networks PAN-OS | =5.0.0-h1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://cansecwest.com/csw11/Network%20Application%20FW%20vs.%20Contemporary%20Threats%20(Brad%20Woodberg%20-%20Final).pptx
- http://pastie.org/pastes/5568186/text
- http://researchcenter.paloaltonetworks.com/2013/01/app-id-cache-pollution-update/
- https://security.paloaltonetworks.com/CVE-2013-5663
- http://cansecwest.com/csw11/Network%20Application%20FW%20vs.%20Contemporary%20Threats%20%28Brad%20Woodberg%20-%20Final%29.pptx
Frequently Asked Questions
What is the severity of CVE-2013-5663?
CVE-2013-5663 is classified as a high severity vulnerability due to its potential to bypass security policies.
How do I fix CVE-2013-5663?
To fix CVE-2013-5663, upgrade your Palo Alto Networks PAN-OS to version 4.0.14, 4.1.11, or 5.0.2 or later.
What impact does CVE-2013-5663 have on affected systems?
CVE-2013-5663 allows remote attackers to bypass intended security policies by exploiting invalid caching mechanisms.
Which versions of PAN-OS are affected by CVE-2013-5663?
CVE-2013-5663 affects Palo Alto Networks PAN-OS versions prior to 4.0.14, 4.1.x before 4.1.11, and 5.0.x before 5.0.2.
Can CVE-2013-5663 be exploited remotely?
Yes, CVE-2013-5663 can be exploited remotely by attackers through crafted requests.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/paloaltonetworks
- canonical/palo alto networks pan-os
- version/palo alto networks pan-os/4.0.8
- version/palo alto networks pan-os/4.0.0
- version/palo alto networks pan-os/4.0.1
- version/palo alto networks pan-os/4.0.2
- version/palo alto networks pan-os/4.0.3
- version/palo alto networks pan-os/4.0.4
- version/palo alto networks pan-os/4.0.5
- version/palo alto networks pan-os/4.0.6
- version/palo alto networks pan-os/4.0.7
- version/palo alto networks pan-os/4.1.0
- version/palo alto networks pan-os/4.1.1
- version/palo alto networks pan-os/4.1.2
- version/palo alto networks pan-os/4.1.3
- version/palo alto networks pan-os/4.1.4
- version/palo alto networks pan-os/4.1.5
- version/palo alto networks pan-os/4.1.6
- version/palo alto networks pan-os/4.1.7
- version/palo alto networks pan-os/4.1.8
- version/palo alto networks pan-os/4.1.8-h3
- version/palo alto networks pan-os/4.1.9
- version/palo alto networks pan-os/4.1.10
- version/palo alto networks pan-os/5.0.0
- version/palo alto networks pan-os/5.0.0-h1