Lucene search

[email protected]CVE-2013-7234

HistoryApr 29, 2014 - 2:38 p.m.

CVE-2013-7234

2014-04-2914:38:47

CWE-20

[email protected]

web.nvd.nist.gov

cve-2013-7234

smf

clickjacking

x-frame-options

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.9 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.8%

JSON

Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header.

Affected configurations

NVD

Node

simplemachinessimple_machines_forumRange≤1.1.9

simplemachinessimple_machines_forumMatch1.0

simplemachinessimple_machines_forumMatch1.0beta4

simplemachinessimple_machines_forumMatch1.0beta4.1

simplemachinessimple_machines_forumMatch1.0beta5

simplemachinessimple_machines_forumMatch1.0beta6

simplemachinessimple_machines_forumMatch1.0rc1

simplemachinessimple_machines_forumMatch1.0rc2

simplemachinessimple_machines_forumMatch1.0.1

simplemachinessimple_machines_forumMatch1.0.2

simplemachinessimple_machines_forumMatch1.0.3

simplemachinessimple_machines_forumMatch1.0.4

simplemachinessimple_machines_forumMatch1.0.5

simplemachinessimple_machines_forumMatch1.0.6

simplemachinessimple_machines_forumMatch1.0.7

simplemachinessimple_machines_forumMatch1.0.8

simplemachinessimple_machines_forumMatch1.0.9

simplemachinessimple_machines_forumMatch1.0.10

simplemachinessimple_machines_forumMatch1.0.12

simplemachinessimple_machines_forumMatch1.0.13

simplemachinessimple_machines_forumMatch1.0.14

simplemachinessimple_machines_forumMatch1.0.15

simplemachinessimple_machines_forumMatch1.0.16

simplemachinessimple_machines_forumMatch1.0.17

simplemachinessimple_machines_forumMatch1.0.18

simplemachinessimple_machines_forumMatch1.0.19

simplemachinessimple_machines_forumMatch1.0.20

simplemachinessimple_machines_forumMatch1.0.21

simplemachinessimple_machines_forumMatch1.0.22

simplemachinessimple_machines_forumMatch1.0.23

simplemachinessimple_machines_forumMatch1.1

simplemachinessimple_machines_forumMatch1.1beta1

simplemachinessimple_machines_forumMatch1.1beta2

simplemachinessimple_machines_forumMatch1.1beta3

simplemachinessimple_machines_forumMatch1.1beta4

simplemachinessimple_machines_forumMatch1.1rc1

simplemachinessimple_machines_forumMatch1.1rc2

simplemachinessimple_machines_forumMatch1.1rc3

simplemachinessimple_machines_forumMatch1.1.1

simplemachinessimple_machines_forumMatch1.1.2

simplemachinessimple_machines_forumMatch1.1.3

simplemachinessimple_machines_forumMatch1.1.4

simplemachinessimple_machines_forumMatch1.1.5

simplemachinessimple_machines_forumMatch1.1.6

simplemachinessimple_machines_forumMatch1.1.7

simplemachinessimple_machines_forumMatch1.1.8

simplemachinessimple_machines_forumMatch1.1.10

simplemachinessimple_machines_forumMatch1.1.11

simplemachinessimple_machines_forumMatch1.1.12

simplemachinessimple_machines_forumMatch1.1.13

simplemachinessimple_machines_forumMatch1.1.14

simplemachinessimple_machines_forumMatch1.1.15

simplemachinessimple_machines_forumMatch1.1.16

simplemachinessimple_machines_forumMatch1.1.17

simplemachinessimple_machines_forumMatch2.0beta1

simplemachinessimple_machines_forumMatch2.0beta2

simplemachinessimple_machines_forumMatch2.0beta2.1

simplemachinessimple_machines_forumMatch2.0beta3

simplemachinessimple_machines_forumMatch2.0beta3.1

simplemachinessimple_machines_forumMatch2.0beta4

simplemachinessimple_machines_forumMatch2.0rc1

simplemachinessimple_machines_forumMatch2.0rc2

simplemachinessimple_machines_forumMatch2.0rc3

simplemachinessimple_machines_forumMatch2.0rc4

simplemachinessimple_machines_forumMatch2.0rc5

simplemachinessimple_machines_forumMatch2.0.1

simplemachinessimple_machines_forumMatch2.0.2

simplemachinessimple_machines_forumMatch2.0.3

simplemachinessimple_machines_forumMatch2.0.4

simplemachinessimple_machines_forumMatch2.0.5

simplemachinessimple_machines_forumMatch2.0.6

CPENameOperatorVersion
simplemachines:simple_machines_forumsimplemachines simple machines forumle1.1.9
simplemachines:simple_machines_forumsimplemachines simple machines forumeq1.0
simplemachines:simple_machines_forumsimplemachines simple machines forumeq1.0.1
simplemachines:simple_machines_forumsimplemachines simple machines forumeq1.0.2
simplemachines:simple_machines_forumsimplemachines simple machines forumeq1.0.3
simplemachines:simple_machines_forumsimplemachines simple machines forumeq1.0.4
simplemachines:simple_machines_forumsimplemachines simple machines forumeq1.0.5
simplemachines:simple_machines_forumsimplemachines simple machines forumeq1.0.6
simplemachines:simple_machines_forumsimplemachines simple machines forumeq1.0.7
simplemachines:simple_machines_forumsimplemachines simple machines forumeq1.0.8

CPE	Name	Operator	Version
simplemachines:simple_machines_forum	simplemachines simple machines forum	le	1.1.9
simplemachines:simple_machines_forum	simplemachines simple machines forum	eq	1.0
simplemachines:simple_machines_forum	simplemachines simple machines forum	eq	1.0.1
simplemachines:simple_machines_forum	simplemachines simple machines forum	eq	1.0.2
simplemachines:simple_machines_forum	simplemachines simple machines forum	eq	1.0.3
simplemachines:simple_machines_forum	simplemachines simple machines forum	eq	1.0.4
simplemachines:simple_machines_forum	simplemachines simple machines forum	eq	1.0.5
simplemachines:simple_machines_forum	simplemachines simple machines forum	eq	1.0.6
simplemachines:simple_machines_forum	simplemachines simple machines forum	eq	1.0.7
simplemachines:simple_machines_forum	simplemachines simple machines forum	eq	1.0.8

Rows per page:

1-10 of 481

References

download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changelog.txt

seclists.org/fulldisclosure/2013/Dec/83

www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/

www.openwall.com/lists/oss-security/2013/12/30/1

www.openwall.com/lists/oss-security/2013/12/30/3

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.9 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.8%

JSON

Related for CVE-2013-7234

nvd1 prion1 cvelist1