CVE-2013-1841

high

Description

Net-Server, when the reverse-lookups option is enabled, does not check if the hostname resolves to the source IP address, which might allow remote attackers to bypass ACL restrictions via the hostname parameter.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/82900

https://bugzilla.redhat.com/show_bug.cgi?id=920683

http://www.securityfocus.com/bid/58309

http://www.openwall.com/lists/oss-security/2013/03/12/2

http://www.openwall.com/lists/oss-security/2013/03/04/10

Details

Source: Mitre, NVD

Published: 2014-06-13

Updated: 2017-08-29

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High

Detections

Analytics