CVE-2013-0213 — Improper Input Validation in Samba

CWE-20 — Improper Input Validation11 documents8 sources

Severity

5.1MEDIUMNVD

EPSS

11.1%

top 6.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba

Timeline

PublishedFeb 2

Latest updateMay 5

Description

The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages4 packages

▶debiandebian/samba< samba 2:3.6.6-5 (bookworm)

▶Debiansamba/samba< 2:3.6.6-5+3

▶Ubuntusamba/samba< 2:4.1.6+dfsg-1ubuntu2.14.04.13

▶NVDsamba/samba140 versions+139

🔴Vulnerability Details

GHSA

GHSA-7gm8-72hw-wp8h: The Samba Web Administration Tool (SWAT) in Samba 3↗2022-05-05

▶

OSV

samba vulnerabilities↗2016-03-08

▶

OSV

CVE-2013-0213: The Samba Web Administration Tool (SWAT) in Samba 3↗2013-02-02

▶

VulnCheck

Samba Samba Improper Input Validation↗2013

▶

📋Vendor Advisories

Ubuntu

Samba vulnerabilities↗2016-03-08

▶

Red Hat

samba: clickjacking vulnerability in SWAT↗2013-01-30

▶

Debian

CVE-2013-0213: samba - The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x befor...↗2013

▶

💬Community

Bugzilla

CVE-2013-0213 CVE-2013-0214 samba various flaws [fedora-all]↗2013-01-30

▶

Bugzilla

CVE-2013-0213 CVE-2013-0214 samba4 various flaws [fedora-17]↗2013-01-30

▶

Bugzilla

CVE-2013-0213 samba: clickjacking vulnerability in SWAT↗2013-01-30

▶