CVE-2013-7239

2014-01-1321:55:00

CWE-287

[email protected]

web.nvd.nist.gov

memcached

authentication bypass

cve-2013-7239

security vulnerabilities

nvd

9.3 High

AI Score

Confidence

High

4.8 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:P/A:N

0.016 Low

EPSS

Percentile

87.0%

JSON

memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials.

CPENameOperatorVersion
memcached:memcachedmemcachedle1.4.16
memcached:memcachedmemcachedeq1.4.13
memcached:memcachedmemcachedeq1.4.2
memcached:memcachedmemcachedeq1.4.15
memcached:memcachedmemcachedeq1.4.7
memcached:memcachedmemcachedeq1.4.5
memcached:memcachedmemcachedeq1.4.6
memcached:memcachedmemcachedeq1.4.11
memcached:memcachedmemcachedeq1.4.10
memcached:memcachedmemcachedeq1.4.4

CPE	Name	Operator	Version
memcached:memcached	memcached	le	1.4.16
memcached:memcached	memcached	eq	1.4.13
memcached:memcached	memcached	eq	1.4.2
memcached:memcached	memcached	eq	1.4.15
memcached:memcached	memcached	eq	1.4.7
memcached:memcached	memcached	eq	1.4.5
memcached:memcached	memcached	eq	1.4.6
memcached:memcached	memcached	eq	1.4.11
memcached:memcached	memcached	eq	1.4.10
memcached:memcached	memcached	eq	1.4.4