5 - CVE-2013-2178

Executive Summary

Informations
Name	CVE-2013-2178	First vendor Publication	2013-08-28
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2178

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:17338

Oval ID:	oval:org.mitre.oval:def:17338
Title:	DoS for arbitrary chosen IP addresses
Description:	The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-2178	Version:	7
Platform(s):	openSUSE 11.4 openSUSE 12.2 openSUSE 12.3	Product(s):
Definition Synopsis:
Package List openSUSE 12.3 is installed AND Package fail2ban is less than 0.8.8-2.8.1 OR Package List openSUSE 12.2 is installed AND Package fail2ban is less than 0.8.6-2.9.1 OR Package List openSUSE 11.4 is installed AND Package fail2ban is less than 0.8.4-22.1

Definition Id: oval:org.mitre.oval:def:19590

Oval ID:	oval:org.mitre.oval:def:19590
Title:	DSA-2708-1 fail2ban - denial of service
Description:	Krzysztof Katowicz-Kowalewski discovered a vulnerability in Fail2ban, a log monitoring and system which can act on attack by preventing hosts to connect to specified services using the local firewall.
Family:	unix	Class:	patch
Reference(s):	DSA-2708-1 CVE-2013-2178	Version:	5
Platform(s):	Debian GNU/Linux 6.0 Debian GNU/Linux 7 Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7	Product(s):	fail2ban
Definition Synopsis:
Release section Debian 6.0 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND fail2ban DPKG is earlier than 0:0.8.4-3+squeeze2 AND Release section Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND fail2ban DPKG is earlier than 0:0.8.6-3wheezy2

CPE : Common Platform Enumeration

Type	Description	Count
Application	fail2ban cpe:2.3:a:fail2ban:fail2ban:0.8.9:::::::* cpe:2.3:a:fail2ban:fail2ban:0.8.8:::::::* cpe:2.3:a:fail2ban:fail2ban:0.8.7.1:::::::* cpe:2.3:a:fail2ban:fail2ban:0.8.7:::::::* cpe:2.3:a:fail2ban:fail2ban:0.8.6:::::::* cpe:2.3:a:fail2ban:fail2ban:0.8.5:::::::* cpe:2.3:a:fail2ban:fail2ban:0.8.4:::::::* cpe:2.3:a:fail2ban:fail2ban:0.8.3:::::::* cpe:2.3:a:fail2ban:fail2ban:0.8.2:::::::* cpe:2.3:a:fail2ban:fail2ban:0.8.1:::::::* cpe:2.3:a:fail2ban:fail2ban:0.8.0:::::::* cpe:2.3:a:fail2ban:fail2ban:0.8:::::::* cpe:2.3:a:fail2ban:fail2ban:0.7.9:::::::* cpe:2.3:a:fail2ban:fail2ban:0.7.8:::::::* cpe:2.3:a:fail2ban:fail2ban:0.7.7:::::::* cpe:2.3:a:fail2ban:fail2ban:0.7.6:::::::* cpe:2.3:a:fail2ban:fail2ban:0.7.5:::::::* cpe:2.3:a:fail2ban:fail2ban:0.7.4:::::::* cpe:2.3:a:fail2ban:fail2ban:0.7.3:::::::* cpe:2.3:a:fail2ban:fail2ban:0.7.2:::::::* cpe:2.3:a:fail2ban:fail2ban:0.7.1:::::::* cpe:2.3:a:fail2ban:fail2ban:0.7.0:::::::* cpe:2.3:a:fail2ban:fail2ban:0.6.1:::::::* cpe:2.3:a:fail2ban:fail2ban:0.6.0:::::::* cpe:2.3:a:fail2ban:fail2ban:0.5.5:::::::* cpe:2.3:a:fail2ban:fail2ban:0.5.4:::::::* cpe:2.3:a:fail2ban:fail2ban:0.5.3:::::::* cpe:2.3:a:fail2ban:fail2ban:0.5.2:::::::* cpe:2.3:a:fail2ban:fail2ban:0.5.1:::::::* cpe:2.3:a:fail2ban:fail2ban:0.5.0:::::::* cpe:2.3:a:fail2ban:fail2ban:0.4.1:::::::* cpe:2.3:a:fail2ban:fail2ban:0.4.0:::::::* cpe:2.3:a:fail2ban:fail2ban:0.3.1:::::::* cpe:2.3:a:fail2ban:fail2ban:0.3.0:::::::* cpe:2.3:a:fail2ban:fail2ban:0.1.2:::::::* cpe:2.3:a:fail2ban:fail2ban:0.1.1:::::::* cpe:2.3:a:fail2ban:fail2ban:0.1.0:::::::* cpe:2.3:a:fail2ban:fail2ban::::::::	38

Nessus® Vulnerability Scanner

Date	Description
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-544.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-194.nasl - Type : ACT_GATHER_INFO
2014-06-02	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-03.nasl - Type : ACT_GATHER_INFO
2013-09-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-209.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Fedora host is missing a security update. File : fedora_2013-10806.nasl - Type : ACT_GATHER_INFO
2013-07-03	Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2013-191.nasl - Type : ACT_GATHER_INFO
2013-06-17	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2708.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://lists.opensuse.org/opensuse-updates/2014-03/msg00021.html
http://www.debian.org/security/2013/dsa-2708
http://www.openwall.com/lists/oss-security/2013/06/13/7
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://raw.github.com/fail2ban/fail2ban/master/ChangeLog
https://vndh.net/note:fail2ban-089-denial-service

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 12:34:40	Multiple Updates
2021-07-28 01:12:45	Multiple Updates
2021-05-05 01:12:33	Multiple Updates
2021-05-04 12:24:57	Multiple Updates
2021-04-22 01:29:54	Multiple Updates
2020-05-24 01:11:07	Multiple Updates
2020-05-23 00:36:54	Multiple Updates
2017-09-19 09:25:57	Multiple Updates
2016-04-26 23:05:37	Multiple Updates
2014-06-14 13:35:25	Multiple Updates
2014-06-03 13:23:29	Multiple Updates
2014-03-18 13:22:35	Multiple Updates
2014-02-17 11:19:08	Multiple Updates
2013-11-04 21:26:46	Multiple Updates
2013-09-05 21:20:27	Multiple Updates
2013-08-29 21:19:13	Multiple Updates
2013-08-29 13:20:54	First insertion

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	2
CPE ID(s)	38
Sources(s)	6
Nessus® Exploit(s)	7

	Related
5	MDVSA-2013:191
5	GLSA-201406-03
5	DSA-2708
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)

5 - CVE-2013-2178

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU