Vulnerability Details : CVE-2013-4279
imapsync 1.564 and earlier performs a release check by default, which sends sensitive information (imapsync, operating system, and Perl version) to the developer's site.
Vulnerability category: Information leak
Products affected by CVE-2013-4279
- cpe:2.3:a:imapsync_project:imapsync:*:*:*:*:*:*:*:*
- cpe:2.3:a:imapsync_project:imapsync:1.53:*:*:*:*:*:*:*
- cpe:2.3:a:imapsync_project:imapsync:1.547:*:*:*:*:*:*:*
- cpe:2.3:a:imapsync_project:imapsync:1.516:*:*:*:*:*:*:*
- cpe:2.3:a:imapsync_project:imapsync:1.504:*:*:*:*:*:*:*
- cpe:2.3:a:imapsync_project:imapsync:1.554:*:*:*:*:*:*:*
- cpe:2.3:a:imapsync_project:imapsync:1.500:*:*:*:*:*:*:*
- cpe:2.3:a:imapsync_project:imapsync:1.558:*:*:*:*:*:*:*
- cpe:2.3:a:imapsync_project:imapsync:1.542:*:*:*:*:*:*:*
- cpe:2.3:a:imapsync_project:imapsync:1.518:*:*:*:*:*:*:*
- cpe:2.3:a:imapsync_project:imapsync:1.508:*:*:*:*:*:*:*
- cpe:2.3:a:imapsync_project:imapsync:1.525:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-4279
0.22%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 60 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-4279
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2013-4279
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4279
-
http://www.mandriva.com/security/advisories?name=MDVSA-2014:060
mandriva.com
-
https://bugzilla.redhat.com/show_bug.cgi?id=1000215
1000215 – (CVE-2013-4279) CVE-2013-4279 imapsync default version check with http://imapsync.lamiral.info information leakageExploit
-
http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130493.html
[SECURITY] Fedora 20 Update: imapsync-1.584-2.fc20
-
http://www.securityfocus.com/bid/65002
imapsync CVE-2013-4279 Information Disclosure Vulnerability
Jump to