Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-4346

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2013-4346
Last Modified 21 May 2014 01:19:30
Published 20 May 2014 10:55:04
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-4346

Summary

The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.

Vulnerable Systems

Application

  • Urbanairship Python-oauth2 -


References

MISC - https://github.com/simplegeo/python-oauth2/issues/129

MLIST - [oss-security] 20130912 Re: cve requests for python-oauth2


Last Updated: 27 May 2016 11:05:19