Lucene search

RedhatCVE-2013-2182

HistoryJun 13, 2014 - 2:55 p.m.

CVE-2013-2182

2014-06-1314:55:12

CWE-264

redhat

web.nvd.nist.gov

cve-2013-2182

mandril

monkey http daemon

monkeyd

security plugin

access restrictions

encoded forward slash

nvd

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.074

Percentile

94.2%

JSON

The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before 1.5.0 allows remote attackers to bypass access restrictions via a crafted URI, as demonstrated by an encoded forward slash.

Affected configurations

Nvd

Node

monkey-projectmonkeyRange≤1.4.0

VendorProductVersionCPE
monkey-projectmonkey*cpe:2.3:a:monkey-project:monkey:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
monkey-project	monkey	*	cpe:2.3:a:monkey-project:monkey::::::::

References

bugs.monkey-project.com/ticket/186

osvdb.org/94287

secunia.com/advisories/53638

www.openwall.com/lists/oss-security/2013/06/14/11

www.securityfocus.com/bid/60569

github.com/monkey/monkey/commit/15f72c1ee5e0afad20232bdf0fcecab8d62a5d89

github.com/monkey/monkey/issues/92

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.074

Percentile

94.2%

JSON

Related for CVE-2013-2182