Lucene search

[email protected]CVE-2011-2329

HistoryJun 02, 2011 - 8:55 p.m.

CVE-2011-2329

2011-06-0220:55:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2011-2329

apache rampart/c

timestamp token validation

nvd

security vulnerability

6.5 Medium

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

56.1%

JSON

The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.

CPENameOperatorVersion
apache:rampart\/capache rampart\/ceq1.3.0

CPE	Name	Operator	Version
apache:rampart\/c	apache rampart\/c	eq	1.3.0

References

launchpadlibrarian.net/72471990/rampart_1.3.0-1ubuntu2_1.3.0-1ubuntu3.diff.gz

www.ubuntu.com/usn/USN-1137-1

exchange.xforce.ibmcloud.com/vulnerabilities/67860

launchpad.net/ubuntu/+source/rampart/+changelog

6.5 Medium

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

56.1%

JSON

Related for CVE-2011-2329

prion2 nessus1 ubuntucve2 securityvulns2 cve1 openvas2 ubuntu1