Vulnerability Description
The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scripting (XSS) attacks by leveraging improper data validation.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | VCL | >= 2.2, <= 2.2.2 |
Related Weaknesses (CWE)
References
- https://github.com/apache/vcl/commit/56c0f040056d6ad8693b20cfd3351367c2ffeabc#di (Third Party Advisory)
- https://lists.apache.org/thread.html/632da9e45fce333f21782f1fe10b1d8e77a63811a34
- https://lists.apache.org/thread.html/944592973c91cd106a42095271c3f6c7ab9c8d70077
- https://mail-archives.apache.org/mod_mbox/www-announce/201305.mbox/%3C1658214.8z
FAQ
What is CVE-2013-0267?
CVE-2013-0267 is a vulnerability with a CVSS score of 8.8 (HIGH). The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or us...
How severe is CVE-2013-0267?
CVE-2013-0267 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-0267?
Check the references section above for vendor advisories and patch information. Affected products include: Apache VCL.