Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2013-7379
Last Modified 16 May 2014 01:55:06
Published 16 May 2014 11:55:04
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-7379

Summary

The admin API in the tomato module before 0.0.6 for Node.js does not properly check the access key when it is set to a string, which allows remote attackers to bypass authentication via a string in the access-key header that partially matches config.master.api.access_key.

Vulnerable Systems

Application

  • Ucdok Tomato 0.0.5


References

CONFIRM - https://github.com/leizongmin/tomato/commit/9e427d524e04a905312a3294c85e939ed7d57b8c

MISC - https://nodesecurity.io/advisories/Tomato_API_Admin_Auth_Weakness

MLIST - [oss-security] 20140514 Re: CVE request: various NodeJS module vulnerabilities

MLIST - [oss-security] 20140513 CVE request: various NodeJS module vulnerabilities


Last Updated: 27 May 2016 11:05:18