Vulnerability Details : CVE-2013-7239
memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials.
Vulnerability category: BypassGain privilege
Products affected by CVE-2013-7239
- cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:*
- cpe:2.3:a:memcached:memcached:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:memcached:memcached:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:memcached:memcached:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:memcached:memcached:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:memcached:memcached:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:memcached:memcached:1.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:memcached:memcached:1.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:memcached:memcached:1.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:memcached:memcached:1.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:memcached:memcached:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:memcached:memcached:1.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:memcached:memcached:1.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:memcached:memcached:1.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:memcached:memcached:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:memcached:memcached:1.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:memcached:memcached:1.4.13:*:*:*:*:*:*:*
Threat overview for CVE-2013-7239
Top countries where our scanners detected CVE-2013-7239
Top open port discovered on systems with this issue
11211
IPs affected by CVE-2013-7239 11,830
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2013-7239!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2013-7239
1.65%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 87 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-7239
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.8
|
MEDIUM | AV:A/AC:L/Au:N/C:P/I:P/A:N |
6.5
|
4.9
|
NIST |
CWE ids for CVE-2013-7239
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-7239
-
http://www.debian.org/security/2014/dsa-2832
Debian -- Security Information -- DSA-2832-1 memcached
-
http://www.ubuntu.com/usn/USN-2080-1
USN-2080-1: Memcached vulnerabilities | Ubuntu security notices
-
http://www.securityfocus.com/bid/64559
memcache SASL Authentication Security Bypass Vulnerability
-
https://code.google.com/p/memcached/wiki/ReleaseNotes1417
Google Code Archive - Long-term storage for Google Code Project Hosting.Patch
-
http://seclists.org/oss-sec/2013/q4/572
oss-sec: Re: CVE Request: SASL authentication allows wrong credentials to access memcache
Jump to