NVD Vulnerability Detail

CVE-2013-0267

Summary	The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scripting (XSS) attacks by leveraging improper data validation.
Publication Date	Feb. 22, 2018, 12:29 a.m.
Registration Date	Jan. 26, 2021, 3:33 p.m.
Last Update	Nov. 21, 2024, 10:47 a.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	https://github.com/apache/vcl/commit/56c0f040056d6ad8693b20cfd3351367c2ffeabc#diff-2567a5ec9705eb7ac2c984033e06189d	Third Party Advisory
2	https://github.com/apache/vcl/commit/56c0f040056d6ad8693b20cfd3351367c2ffeabc#diff-2567a5ec9705eb7ac2c984033e06189d	Third Party Advisory
3	https://lists.apache.org/thread.html/632da9e45fce333f21782f1fe10b1d8e77a63811a34fe8e286dedc99%40%3Ccommits.vcl.apache.org%3E
4	https://lists.apache.org/thread.html/632da9e45fce333f21782f1fe10b1d8e77a63811a34fe8e286dedc99%40%3Ccommits.vcl.apache.org%3E
5	https://lists.apache.org/thread.html/944592973c91cd106a42095271c3f6c7ab9c8d70077b8c6a8d4d92d0%40%3Ccommits.vcl.apache.org%3E
6	https://lists.apache.org/thread.html/944592973c91cd106a42095271c3f6c7ab9c8d70077b8c6a8d4d92d0%40%3Ccommits.vcl.apache.org%3E
7	https://mail-archives.apache.org/mod_mbox/www-announce/201305.mbox/%3C1658214.8zndv4WEi7%40treebeard%3E
8	https://mail-archives.apache.org/mod_mbox/www-announce/201305.mbox/%3C1658214.8zndv4WEi7%40treebeard%3E

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html
2	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html

JVN Vulnerability Information

Apache VCL における入力確認に関する脆弱性

Title	Apache VCL における入力確認に関する脆弱性
Summary	Apache VCL には、入力確認に関する脆弱性、および認可・権限・アクセス制御に関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	May 6, 2013, midnight
Registration Date	April 9, 2018, 6:23 p.m.
Last Update	April 9, 2018, 6:23 p.m.

Affected System

Apache Software Foundation

Apache VCL 2.1

Apache VCL 2.2.2 未満の 2.2.x

Apache VCL 2.3.2 未満の 2.3.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2013-0267	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0267
National Vulnerability Database (NVD)
2	CVE-2013-0267	https://nvd.nist.gov/vuln/detail/CVE-2013-0267

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html
2	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
GitHub
1	xmlrpcWrappers.php:	https://github.com/apache/vcl/commit/56c0f040056d6ad8693b20cfd3351367c2ffeabc#diff-2567a5ec9705eb7ac2c984033e06189d
Mailing list archives
2	Apache VCL improper input validation	https://mail-archives.apache.org/mod_mbox/www-announce/201305.mbox/%3C1658214.8zndv4WEi7@treebeard%3E

Change Log

No	Changed Details	Date of change
1	[2018年04月09日] 掲載	April 9, 2018, 5:36 p.m.