Lucene search

[email protected]CVE-2013-2182

HistoryJun 13, 2014 - 2:55 p.m.

CVE-2013-2182

2014-06-1314:55:12

CWE-264

[email protected]

web.nvd.nist.gov

cve-2013-2182

mandril

monkey http daemon

monkeyd

security plugin

access restrictions

encoded forward slash

nvd

6.8 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.077 Low

EPSS

Percentile

94.2%

JSON

The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before 1.5.0 allows remote attackers to bypass access restrictions via a crafted URI, as demonstrated by an encoded forward slash.

Affected configurations

NVD

Node

monkey-projectmonkeyRange≤1.4.0

CPENameOperatorVersion
monkey-project:monkeymonkey-project monkeyle1.4.0

CPE	Name	Operator	Version
monkey-project:monkey	monkey-project monkey	le	1.4.0

References

bugs.monkey-project.com/ticket/186

osvdb.org/94287

secunia.com/advisories/53638

www.openwall.com/lists/oss-security/2013/06/14/11

www.securityfocus.com/bid/60569

github.com/monkey/monkey/commit/15f72c1ee5e0afad20232bdf0fcecab8d62a5d89

github.com/monkey/monkey/issues/92

6.8 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.077 Low

EPSS

Percentile

94.2%

JSON

Related for CVE-2013-2182

prion1 ubuntucve1 cvelist1 nvd1