CVE-2013-5663
published 2013-08-31CVE-2013-5663: The App-ID cache feature in Palo Alto Networks PAN-OS before 4.0.14, 4.1.x before 4.1.11, and 5.0.x before 5.0.2 allows remote attackers to bypass intended…
PriorityP424medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
2.82%
84.8th percentile
The App-ID cache feature in Palo Alto Networks PAN-OS before 4.0.14, 4.1.x before 4.1.11, and 5.0.x before 5.0.2 allows remote attackers to bypass intended security policies via crafted requests that trigger invalid caching, as demonstrated by incorrect identification of HTTP traffic as SIP traffic, aka Ref ID 47195.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | <= 4.0.8 | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Palo Alto
App-ID Cache Poisoning
vendor_paloalto·2013-01-07·CVSS 4.3
CVE-2013-5663 [MEDIUM] CWE-264 App-ID Cache Poisoning
App-ID Cache Poisoning
An evasion technique that takes advantage of the App-ID cache function has recently been published. In certain circumstances, a knowledgeable user can bypass security policy that restricts the use of certain applications by sending numerous specially crafted requests over the network in order to poison the firewall’s App-ID cache. This can result in the use of a blocked application for a period of time. If the App-ID cache pollution evasion technique is a potential problem for your network, we recommend using one or both of the mitigation steps noted below while we further enhance the App-ID cache feature to resist all possible pollution techniques. (Ref #47195)
This issue affects the ability of the firewall to block certain applications when specially crafted reque
GHSA
GHSA-h2xj-j4rp-84f4: The App-ID cache feature in Palo Alto Networks PAN-OS before 4
ghsa_unreviewed·2022-05-14
CVE-2013-5663 [MEDIUM] GHSA-h2xj-j4rp-84f4: The App-ID cache feature in Palo Alto Networks PAN-OS before 4
The App-ID cache feature in Palo Alto Networks PAN-OS before 4.0.14, 4.1.x before 4.1.11, and 5.0.x before 5.0.2 allows remote attackers to bypass intended security policies via crafted requests that trigger invalid caching, as demonstrated by incorrect identification of HTTP traffic as SIP traffic, aka Ref ID 47195.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://cansecwest.com/csw11/Network%20Application%20FW%20vs.%20Contemporary%20Threats%20%28Brad%20Woodberg%20-%20Final%29.pptxhttp://pastie.org/pastes/5568186/texthttp://researchcenter.paloaltonetworks.com/2013/01/app-id-cache-pollution-update/https://security.paloaltonetworks.com/CVE-2013-5663http://cansecwest.com/csw11/Network%20Application%20FW%20vs.%20Contemporary%20Threats%20%28Brad%20Woodberg%20-%20Final%29.pptxhttp://pastie.org/pastes/5568186/texthttp://researchcenter.paloaltonetworks.com/2013/01/app-id-cache-pollution-update/https://security.paloaltonetworks.com/CVE-2013-5663
2013-08-31
Published