Vulnerability Details : CVE-2013-6492
The Piranha Configuration Tool in Piranha 0.8.6 does not properly restrict access to webpages, which allows remote attackers to bypass authentication and read or modify the LVS configuration via an HTTP POST request.
Products affected by CVE-2013-6492
- cpe:2.3:a:ryan_ohara:piranha:0.8.6:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-6492
5.97%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 94 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-6492
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8
|
MEDIUM | AV:A/AC:L/Au:N/C:P/I:P/A:P |
6.5
|
6.4
|
NIST |
CWE ids for CVE-2013-6492
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6492
-
http://rhn.redhat.com/errata/RHSA-2014-0174.html
RHSA-2014:0174 - Security Advisory - Red Hat Customer Portal
-
https://bugzilla.redhat.com/show_bug.cgi?id=1043040
1043040 – (CVE-2013-6492) CVE-2013-6492 piranha: web UI authentication bypass using POST requests
-
http://rhn.redhat.com/errata/RHSA-2014-0175.html
RHSA-2014:0175 - Security Advisory - Red Hat Customer Portal
-
http://bugs.centos.org/view.php?id=6825
0006825: Authentication bypass in Webinterface - CentOS Bug Tracker
Jump to