CVE-2013-1364 — Improper Authentication in Zabbix

CWE-287 — Improper Authentication CWE-416 — Use After Free12 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

0.4%

top 36.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zabbix Debian Zabbix

Timeline

PublishedDec 14

Latest updateMay 17

Description

The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/zabbix< zabbix 1:2.0.4+dfsg-2 (bookworm)

▶Debianzabbix/zabbix< 1:2.0.4+dfsg-2+3

▶NVDzabbix/zabbix1.8.15+5

🔴Vulnerability Details

GHSA

GHSA-vq34-c5hg-7r26: The user↗2022-05-17

▶

OSV

CVE-2013-1364: The user↗2013-12-14

▶

💥Exploits & PoCs

Exploit-DB

Google Chrome - Cookie Verification Denial of Service↗2013-04-04

▶

📋Vendor Advisories

Red Hat

Kernel: drm/i915: heap writing overflow↗2013-03-11

▶

Red Hat

icu: Race condition leading to a use-after-free↗2013-02-21

▶

Debian

CVE-2013-1364: zabbix - The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows r...↗2013

▶

💬Community

Bugzilla

CVE-2013-0900 icu: Race condition leading to a use-after-free↗2013-03-05

▶

Bugzilla

CVE-2013-1364 zabbix: possible to override LDAP configuration parameters via the API [fedora-all]↗2013-01-19

▶

Bugzilla

CVE-2013-1364 zabbix: possible to override LDAP configuration parameters via the API [epel-6]↗2013-01-19

▶

Bugzilla

CVE-2013-1364 zabbix: possible to override LDAP configuration parameters via the API [epel-6]↗2013-01-19

▶

Bugzilla

CVE-2013-1364 zabbix: possible to override LDAP configuration parameters via the API↗2013-01-19

▶