Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-4365


Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.


Published

2013-10-17T23:55:04.470

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-787

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application apache mod_fcgid < 2.3.9 Yes
Application apache http_server * No
Operating System debian debian_linux 6.0 Yes
Operating System debian debian_linux 7.0 Yes
Application suse cloud 1.0 Yes
Application suse cloud 2.0 Yes
Operating System opensuse opensuse 11.4 Yes
Operating System opensuse opensuse 12.2 Yes
Operating System opensuse opensuse 12.3 Yes
Operating System suse linux_enterprise_software_development_kit 11 Yes
Operating System suse linux_enterprise_software_development_kit 11 Yes

References