Vulnerability Description
The App-ID cache feature in Palo Alto Networks PAN-OS before 4.0.14, 4.1.x before 4.1.11, and 5.0.x before 5.0.2 allows remote attackers to bypass intended security policies via crafted requests that trigger invalid caching, as demonstrated by incorrect identification of HTTP traffic as SIP traffic, aka Ref ID 47195.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Paloaltonetworks | Pan-Os | <= 4.0.8 |
Related Weaknesses (CWE)
References
- http://cansecwest.com/csw11/Network%20Application%20FW%20vs.%20Contemporary%20Th
- http://pastie.org/pastes/5568186/textExploit
- http://researchcenter.paloaltonetworks.com/2013/01/app-id-cache-pollution-update
- https://security.paloaltonetworks.com/CVE-2013-5663
- http://cansecwest.com/csw11/Network%20Application%20FW%20vs.%20Contemporary%20Th
- http://pastie.org/pastes/5568186/textExploit
- http://researchcenter.paloaltonetworks.com/2013/01/app-id-cache-pollution-update
- https://security.paloaltonetworks.com/CVE-2013-5663
FAQ
What is CVE-2013-5663?
CVE-2013-5663 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The App-ID cache feature in Palo Alto Networks PAN-OS before 4.0.14, 4.1.x before 4.1.11, and 5.0.x before 5.0.2 allows remote attackers to bypass intended security policies via crafted requests that ...
How severe is CVE-2013-5663?
CVE-2013-5663 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-5663?
Check the references section above for vendor advisories and patch information. Affected products include: Paloaltonetworks Pan-Os.