Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2014:0174
HistoryFeb 13, 2014 - 8:20 p.m.

piranha security update

2014-02-1320:20:56
CentOS Project
lists.centos.org
42

5.8 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

0.07 Low

EPSS

Percentile

94.0%

JSON

CentOS Errata and Security Advisory CESA-2014:0174

Piranha provides high-availability and load-balancing services for Red Hat
Enterprise Linux. The piranha packages contain various tools to administer
and configure the Linux Virtual Server (LVS), as well as the heartbeat and
failover components. LVS is a dynamically-adjusted kernel routing mechanism
that provides load balancing, primarily for Web and FTP servers.

It was discovered that the Piranha Configuration Tool did not properly
restrict access to its web pages. A remote attacker able to connect to the
Piranha Configuration Tool web server port could use this flaw to read or
modify the LVS configuration without providing valid administrative
credentials. (CVE-2013-6492)

All piranha users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2014-February/082320.html

Affected packages:
piranha

Upstream details at:
https://access.redhat.com/errata/RHSA-2014:0174

OSVersionArchitecturePackageVersionFilename
CentOS5i386piranha< 0.8.4-26.el5_10.1piranha-0.8.4-26.el5_10.1.i386.rpm
CentOS5x86_64piranha< 0.8.4-26.el5_10.1piranha-0.8.4-26.el5_10.1.x86_64.rpm

Related

oraclelinux 1
redhat 2
nessus 7
openvas 5
veracode 1
centos 1
prion 1
cve 1
cvelist 1
nvd 1
oraclelinux
oraclelinux
piranha security update
2014-02-13 00:00:00
redhat
redhat
(RHSA-2014:0175) Important: piranha security and bug fix update
2014-02-13 00:00:00
(RHSA-2014:0174) Important: piranha security update
2014-02-13 00:00:00
nessus
nessus
RHEL 6 : piranha (RHSA-2014:0175)
2014-02-14 00:00:00
CentOS 6 : piranha (CESA-2014:0175)
2014-02-14 00:00:00
RHEL 5 : piranha (RHSA-2014:0174)
2014-11-08 00:00:00
openvas
openvas
CentOS Update for piranha CESA-2014:0174 centos5
2014-02-17 00:00:00
CentOS Update for piranha CESA-2014:0175 centos6
2014-02-17 00:00:00
Oracle: Security Advisory (ELSA-2014-0174)
2015-10-06 00:00:00
veracode
veracode
Authentication Bypass
2019-01-15 08:57:02
centos
centos
piranha security update
2014-02-13 20:05:42
prion
prion
Authentication flaw
2014-02-14 15:55:00
cve
cve
CVE-2013-6492
2014-02-14 15:55:05
cvelist
cvelist
CVE-2013-6492
2014-02-14 15:00:00
nvd
nvd
CVE-2013-6492
2014-02-14 15:55:05

5.8 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

0.07 Low

EPSS

Percentile

94.0%

JSON
Related for CESA-2014:0174
oraclelinux1redhat2nessus7openvas5veracode1centos1prion1cve1cvelist1nvd1