Vulnerability Details : CVE-2013-4365
Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.
Vulnerability category: OverflowMemory Corruption
Exploit prediction scoring system (EPSS) score for CVE-2013-4365
Probability of exploitation activity in the next 30 days: 0.64%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 76 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-4365
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2013-4365
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4365
-
http://lists.opensuse.org/opensuse-updates/2013-11/msg00024.html
openSUSE-SU-2013:1664-1: moderate: update for apache2-mod_fcgidMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00011.html
[security-announce] SUSE-SU-2013:1667-1: important: Security update forMailing List;Third Party Advisory
-
http://www.mail-archive.com/dev@httpd.apache.org/msg58077.html
[ANNOUNCE] mod_fcgid 2.3.9 releasedThird Party Advisory
-
http://www.debian.org/security/2013/dsa-2778
Debian -- Security Information -- DSA-2778-1 libapache2-mod-fcgidThird Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2013-10/msg00059.html
openSUSE-SU-2013:1613-1: moderate: This update fixes a heap overflow inMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2013-10/msg00055.html
openSUSE-SU-2013:1609-1: moderate: update for apache2-mod_fcgidMailing List;Third Party Advisory
-
http://www.securityfocus.com/bid/62939
Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow VulnerabilityThird Party Advisory;VDB Entry
-
http://svn.apache.org/viewvc?view=revision&revision=1527362
[Apache-SVN] Revision 1527362Patch;Vendor Advisory
Products affected by CVE-2013-4365
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:mod_fcgid:*:*:*:*:*:*:*:*When used together with: Apache » Http Server
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*
- cpe:2.3:a:suse:cloud:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:suse:cloud:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*