SUSE CVE-2013-2178

🗓️ 15 Feb 2023 05:38:59Reported by Suse CVEType

susecve

susecve🔗 www.suse.com👁 1 Views

Fail2ban before 0.8.10 fails to validate Apache log messages in config files, enabling attackers to block arbitrary IPs.

Reporter	Title	Published	Views	Family All 31
Amazon	Medium: fail2ban	12 Jul 201300:00	–	amazon
Tenable Nessus	Amazon Linux AMI : fail2ban (ALAS-2013-209)	4 Sep 201300:00	–	nessus
Tenable Nessus	Debian DSA-2708-1 : fail2ban - denial of service	17 Jun 201300:00	–	nessus
Tenable Nessus	Fedora 18 : fail2ban-0.8.10-1.fc18 (2013-10806)	12 Jul 201300:00	–	nessus
Tenable Nessus	GLSA-201406-03 : Fail2ban: Multiple vulnerabilities	2 Jun 201400:00	–	nessus
Tenable Nessus	Mandriva Linux Security Advisory : fail2ban (MDVSA-2013:191)	3 Jul 201300:00	–	nessus
Tenable Nessus	openSUSE Security Update : fail2ban (openSUSE-SU-2013:1120-1)	13 Jun 201400:00	–	nessus
Tenable Nessus	openSUSE Security Update : fail2ban (openSUSE-SU-2014:0348-1)	13 Jun 201400:00	–	nessus
CVE	CVE-2013-2178	28 Aug 201317:18	–	cve
Cvelist	CVE-2013-2178	28 Aug 201317:18	–	cvelist

OS	OS Version	Architecture	Package	Package Version	Filename
OpenSUSE Tumbleweed	–	any	susefirewall2-fail2ban	0.9.5-1.1	SuSEfirewall2-fail2ban-0.9.5-1.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	fail2ban	0.9.5-1.1	fail2ban-0.9.5-1.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	nagios-plugins-fail2ban	0.9.5-1.1	nagios-plugins-fail2ban-0.9.5-1.1.noarch.rpm

Source	Link
suse	www.suse.com/security/cve/CVE-2013-2178
suse	www.suse.com/support/security/rating/
bugzilla	www.bugzilla.suse.com/824710
bugzilla	www.bugzilla.suse.com/861504

03 Jul 2025 00:17Current

7.1High risk

Vulners AI Score7.1

CVSS 25

EPSS0.00828

CVE-2013-2178 Fail2ban Apache configuration files Log message validation Block arbitrary IPs Remote attackers