CVE-2013-5663
First published: Sat Aug 31 2013(Updated: )
The App-ID cache feature in Palo Alto Networks PAN-OS before 4.0.14, 4.1.x before 4.1.11, and 5.0.x before 5.0.2 allows remote attackers to bypass intended security policies via crafted requests that trigger invalid caching, as demonstrated by incorrect identification of HTTP traffic as SIP traffic, aka Ref ID 47195.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Paloaltonetworks Pan-os | <=4.0.8 | |
| Paloaltonetworks Pan-os | =4.0.0 | |
| Paloaltonetworks Pan-os | =4.0.1 | |
| Paloaltonetworks Pan-os | =4.0.2 | |
| Paloaltonetworks Pan-os | =4.0.3 | |
| Paloaltonetworks Pan-os | =4.0.4 | |
| Paloaltonetworks Pan-os | =4.0.5 | |
| Paloaltonetworks Pan-os | =4.0.6 | |
| Paloaltonetworks Pan-os | =4.0.7 | |
| Paloaltonetworks Pan-os | =4.1.0 | |
| Paloaltonetworks Pan-os | =4.1.1 | |
| Paloaltonetworks Pan-os | =4.1.2 | |
| Paloaltonetworks Pan-os | =4.1.3 | |
| Paloaltonetworks Pan-os | =4.1.4 | |
| Paloaltonetworks Pan-os | =4.1.5 | |
| Paloaltonetworks Pan-os | =4.1.6 | |
| Paloaltonetworks Pan-os | =4.1.7 | |
| Paloaltonetworks Pan-os | =4.1.8 | |
| Paloaltonetworks Pan-os | =4.1.8-h3 | |
| Paloaltonetworks Pan-os | =4.1.9 | |
| Paloaltonetworks Pan-os | =4.1.10 | |
| Paloaltonetworks Pan-os | =5.0.0 | |
| Paloaltonetworks Pan-os | =5.0.0-h1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://cansecwest.com/csw11/Network%20Application%20FW%20vs.%20Contemporary%20Threats%20(Brad%20Woodberg%20-%20Final).pptx
- http://pastie.org/pastes/5568186/text
- http://researchcenter.paloaltonetworks.com/2013/01/app-id-cache-pollution-update/
- https://security.paloaltonetworks.com/CVE-2013-5663
- http://cansecwest.com/csw11/Network%20Application%20FW%20vs.%20Contemporary%20Threats%20%28Brad%20Woodberg%20-%20Final%29.pptx
- collector/nvd-index
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/paloaltonetworks
- canonical/paloaltonetworks pan-os
- version/paloaltonetworks pan-os/4.0.8
- version/paloaltonetworks pan-os/4.0.0
- version/paloaltonetworks pan-os/4.0.1
- version/paloaltonetworks pan-os/4.0.2
- version/paloaltonetworks pan-os/4.0.3
- version/paloaltonetworks pan-os/4.0.4
- version/paloaltonetworks pan-os/4.0.5
- version/paloaltonetworks pan-os/4.0.6
- version/paloaltonetworks pan-os/4.0.7
- version/paloaltonetworks pan-os/4.1.0
- version/paloaltonetworks pan-os/4.1.1
- version/paloaltonetworks pan-os/4.1.2
- version/paloaltonetworks pan-os/4.1.3
- version/paloaltonetworks pan-os/4.1.4
- version/paloaltonetworks pan-os/4.1.5
- version/paloaltonetworks pan-os/4.1.6
- version/paloaltonetworks pan-os/4.1.7
- version/paloaltonetworks pan-os/4.1.8
- version/paloaltonetworks pan-os/4.1.8-h3
- version/paloaltonetworks pan-os/4.1.9
- version/paloaltonetworks pan-os/4.1.10
- version/paloaltonetworks pan-os/5.0.0
- version/paloaltonetworks pan-os/5.0.0-h1