Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2013-5606
HistoryNov 18, 2013 - 5:23 a.m.

CVE-2013-5606

2013-11-1805:23:57
CWE-264
[email protected]
web.nvd.nist.gov
9

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

9.3

Confidence

High

EPSS

0.008

Percentile

81.7%

JSON

The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate.

Affected configurations

Nvd
Node
mozillanetwork_security_servicesMatch3.15
OR
mozillanetwork_security_servicesMatch3.15.1
OR
mozillanetwork_security_servicesMatch3.15.2
VendorProductVersionCPE
mozillanetwork_security_services3.15cpe:2.3:a:mozilla:network_security_services:3.15:*:*:*:*:*:*:*
mozillanetwork_security_services3.15.1cpe:2.3:a:mozilla:network_security_services:3.15.1:*:*:*:*:*:*:*
mozillanetwork_security_services3.15.2cpe:2.3:a:mozilla:network_security_services:3.15.2:*:*:*:*:*:*:*

References

Related

ubuntucve 1
cvelist 1
debiancve 1
cve 1
prion 1
fedora 30
openvas 66
nessus 36
osv 2
suse 1
ubuntu 1
debian 2
oraclelinux 3
mozilla 1
mageia 1
securityvulns 1
amazon 2
veracode 3
centos 2
redhat 3
gentoo 2
oracle 4
ubuntucve
ubuntucve
CVE-2013-5606
2013-11-14 00:00:00
cvelist
cvelist
CVE-2013-5606
2013-11-16 15:00:00
debiancve
debiancve
CVE-2013-5606
2013-11-18 05:23:57
cve
cve
CVE-2013-5606
2013-11-18 05:23:57
prion
prion
Design/Logic Flaw
2013-11-18 05:23:00
fedora
fedora
[SECURITY] Fedora 19 Update: nss-3.15.3.1-1.fc19
2014-01-05 12:35:19
[SECURITY] Fedora 19 Update: nss-softokn-3.15.3-1.fc19
2013-12-15 03:36:48
[SECURITY] Fedora 20 Update: nss-3.15.3.1-1.fc20
2013-12-22 05:41:01
openvas
openvas
Fedora Update for nss-util FEDORA-2013-23479
2013-12-23 00:00:00
Fedora Update for nss-softokn FEDORA-2013-23479
2013-12-23 00:00:00
Fedora Update for nss-util FEDORA-2013-23301
2013-12-17 00:00:00
nessus
nessus
OracleVM 3.3 : nss-util (OVMSA-2014-0015)
2014-11-26 00:00:00
OracleVM 3.3 : nss (OVMSA-2014-0014)
2014-11-26 00:00:00
Firefox < 25.0.1 NSS and NSPR Multiple Vulnerabilities (Mac OS X)
2013-11-18 00:00:00
osv
osv
nss - security update
2014-07-31 00:00:00
nss - security update
2014-07-31 00:00:00
suse
suse
Security update for mozilla-nspr, mozilla-nss (important)
2013-12-02 20:04:14
ubuntu
ubuntu
NSS vulnerabilities
2013-11-18 00:00:00
debian
debian
[DLA 23-1] nss security update
2014-07-31 11:23:33
[SECURITY] [DSA 2994-1] nss security update
2014-07-31 11:51:32
oraclelinux
oraclelinux
nss and nspr security, bug fix, and enhancement update
2013-12-05 00:00:00
nss, nss-util, and nss-softokn security, bug fix, and enhancement update
2014-12-02 00:00:00
nss, nspr, and nss-util security update
2013-12-12 00:00:00
mozilla
mozilla
Miscellaneous Network Security Services (NSS) vulnerabilities — Mozilla
2013-11-15 00:00:00
mageia
mageia
Updated firefox, rootcerts, nspr & nss packages fix security vulnerabilities
2013-11-21 00:54:49
securityvulns
securityvulns
Mozilla nss security vulnerabilities
2013-11-26 00:00:00
amazon
amazon
Important: nspr
2013-12-17 21:31:00
Important: nss
2013-12-17 21:31:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:00:20
Authentication Bypass
2019-05-02 05:00:22
Denial Of Service (DoS)
2019-05-02 05:00:22
centos
centos
nspr, nss security update
2013-12-13 00:04:31
nspr, nss security update
2013-12-05 17:45:58
redhat
redhat
(RHSA-2013:1829) Important: nss, nspr, and nss-util security update
2013-12-12 00:00:00
(RHSA-2013:1791) Important: nss and nspr security, bug fix, and enhancement update
2013-12-05 00:00:00
(RHSA-2014:0041) Important: rhev-hypervisor6 security update
2014-01-21 00:00:00
gentoo
gentoo
Mozilla Network Security Service: Multiple vulnerabilities
2014-06-21 00:00:00
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2014
2014-07-15 00:00:00
Oracle Critical Patch Update - October 2014
2014-10-14 00:00:00
Oracle Critical Patch Update Advisory - January 2015
2015-03-10 00:00:00

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

9.3

Confidence

High

EPSS

0.008

Percentile

81.7%

JSON
Related for NVD:CVE-2013-5606
ubuntucve1cvelist1debiancve1cve1prion1fedora30openvas66nessus36osv2suse1ubuntu1debian2oraclelinux3mozilla1mageia1securityvulns1amazon2veracode3centos2redhat3gentoo2oracle4