Lucene search

RedhatCVE-2013-0264

HistoryDec 30, 2019 - 10:15 p.m.

CVE-2013-0264

2019-12-3022:15:11

CWE-295

redhat

web.nvd.nist.gov

cve-2013-0264

cumin

import error

server certificate validation

aviary servers

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

38.7%

JSON

An import error was introduced in Cumin in the code refactoring in r5310. Server certificate validation is always disabled when connecting to Aviary servers, even if the installed packages on a system support it.

Affected configurations

Nvd

Vulners

Node

redhatmrg_management_consoleMatchr5310

VendorProductVersionCPE
redhatmrg_management_consoler5310cpe:2.3:a:redhat:mrg_management_console:r5310:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	mrg_management_console	r5310	cpe:2.3:a:redhat:mrg_management_console:r5310:::::::*

CNA Affected

[
  {
    "product": "cumin",
    "vendor": "cumin",
    "versions": [
      {
        "status": "affected",
        "version": "r5310"
      }
    ]
  }
]

References

access.redhat.com/security/cve/cve-2013-0264

bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0264

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

38.7%

JSON

Related for CVE-2013-0264