Vulnerability Details : CVE-2013-2138
The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack.
Vulnerability category: Input validation
Products affected by CVE-2013-2138
- cpe:2.3:a:menalto:gallery:*:*:*:*:*:*:*:*
- cpe:2.3:a:menalto:gallery:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:menalto:gallery:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:menalto:gallery:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:menalto:gallery:3.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:menalto:gallery:3.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:menalto:gallery:3.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:menalto:gallery:3.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:menalto:gallery:3.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:menalto:gallery:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:menalto:gallery:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:menalto:gallery:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:menalto:gallery:3.0.6:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-2138
1.59%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-2138
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2013-2138
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-2138
-
http://sourceforge.net/apps/trac/gallery/ticket/2070
Page not found - SourceForge.net
-
https://bugzilla.redhat.com/show_bug.cgi?id=970596
970596 – (CVE-2013-2138) CVE-2013-2138 gallery3: Improper stripping of URL fragments in uploadify and flowplayer SWF files might lead to replay attacks
-
http://sourceforge.net/apps/trac/gallery/ticket/2068
Page not found - SourceForge.net
-
https://github.com/gallery/gallery3/commit/3e5bba2cd4febe8331c0158c11ea418f21c72efa
Wrap all Flowplayer SWF files with a preamble that strips query param… · gallery/gallery3@3e5bba2 · GitHub
-
https://github.com/gallery/gallery3/commit/80bb0f2222dd99ed2ce59e804b833bab63cc376a
Strip URL fragments off of direct requests to uploadify SWF files. · gallery/gallery3@80bb0f2 · GitHub
-
http://galleryproject.org/gallery_3_0_8
Gallery 3.0.8 security release available | GalleryVendor Advisory
-
http://www.openwall.com/lists/oss-security/2013/06/04/9
oss-security - Re: CVE Request -- Gallery < 3.0.8 - Improper stripping of URL fragments in uploadify and flowplayer SWF files might lead to replay attacks
Jump to