CVE-2013-3507
Published 2013-05-08
Priority: P4 (16) · medium · CVSS 2.0 base score 4.0
CVSS 2.0 vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS: 1.34% (67.7th percentile)
The NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to obtain sensitive information via a direct request for (1) a configuration file, (2) a database dump, or (3) the Tomcat status context.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gwos | groundwork_monitor | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| vendor_redhat | — | 5.0 | MEDIUM | — |
GHSA
GHSA-34xv-p49x-ww37 (ghsa_unreviewed, 2022-05-17): CVE-2013-3507 [MEDIUM] CWE-200
The NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to obtain sensitive information via a direct request for (1) a configuration file, (2) a database dump, or (3) the Tomcat status context.
Red Hat
CVE-2014-3507 [MEDIUM] CWE-401 (vendor_redhat, 2014-08-06, CVSS 5.0): openssl: DTLS memory leak from zero-length fragments
Note: this Red Hat entry describes CVE-2014-3507 (an OpenSSL DTLS issue), not the GroundWork Monitor CVE-2013-3507 covered above; the two identifiers differ only in year.
Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.
A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory.
Statement: This did not affect openssl packages in Red Hat Enterprise Linux 5 (based on upstream 0.9.8e) and openssl 1.0.0 packages in Red Hat Enterprise Linux 6 (i.e. packages released before RHBA-2013:1585, which rebased openssl from
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
- http://www.kb.cert.org/vuls/id/345260
- https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls
- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-1_GroundWork_Monitoring_Multiple_high_risk_vulnerabilities_part2_wo_poc_v10.txt
Published: 2013-05-08