Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-7401

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2013-7401
Last Modified 10 Sep 2015 11:27:42
Published 19 Dec 2014 03:59:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-7401

Summary

The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.

Vulnerable Systems

Application

  • C-icap Project C-icap 0.2.1

  • C-icap Project C-icap 0.2.2

  • C-icap Project C-icap 0.2.3

  • C-icap Project C-icap 0.2.4

  • C-icap Project C-icap 0.2.5

  • C-icap Project C-icap 0.2.6


References

OSVDB - 89304

CONFIRM - http://sourceforge.net/p/c-icap/code/1018/

GENTOO - GLSA-201409-07

MISC - http://osvdb.org/ref/89/c-icap.txt

MLIST - [oss-security] 20140915 Re: CVE assignment for c-icap Server

MANDRIVA - MDVSA-2015:001

CONFIRM - http://advisories.mageia.org/MGASA-2014-0530.html


Last Updated: 27 May 2016 11:08:12