Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2013-7108
HistoryJan 15, 2014 - 4:08 p.m.

CVE-2013-7108

2014-01-1516:08:04
CWE-20
[email protected]
web.nvd.nist.gov

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

7.3 High

AI Score

Confidence

High

0.941 High

EPSS

Percentile

99.2%

JSON

Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.

Affected configurations

NVD
Node
nagiosnagiosRange4.0.2
OR
nagiosnagiosMatch3.0
OR
nagiosnagiosMatch3.0alpha1
OR
nagiosnagiosMatch3.0alpha2
OR
nagiosnagiosMatch3.0alpha3
OR
nagiosnagiosMatch3.0alpha4
OR
nagiosnagiosMatch3.0alpha5
OR
nagiosnagiosMatch3.0beta1
OR
nagiosnagiosMatch3.0beta2
OR
nagiosnagiosMatch3.0beta3
OR
nagiosnagiosMatch3.0beta4
OR
nagiosnagiosMatch3.0beta5
OR
nagiosnagiosMatch3.0beta6
OR
nagiosnagiosMatch3.0beta7
OR
nagiosnagiosMatch3.0rc1
OR
nagiosnagiosMatch3.0rc2
OR
nagiosnagiosMatch3.0rc3
OR
nagiosnagiosMatch3.0.1
OR
nagiosnagiosMatch3.0.2
OR
nagiosnagiosMatch3.0.3
OR
nagiosnagiosMatch3.0.4
OR
nagiosnagiosMatch3.0.5
OR
nagiosnagiosMatch3.0.6
OR
nagiosnagiosMatch3.1.0
OR
nagiosnagiosMatch3.1.1
OR
nagiosnagiosMatch3.1.2
OR
nagiosnagiosMatch3.2.0
OR
nagiosnagiosMatch3.2.1
OR
nagiosnagiosMatch3.2.2
OR
nagiosnagiosMatch3.2.3
OR
nagiosnagiosMatch3.3.1
OR
nagiosnagiosMatch3.4.0
OR
nagiosnagiosMatch3.4.1
OR
nagiosnagiosMatch3.4.2
OR
nagiosnagiosMatch3.4.3
OR
nagiosnagiosMatch3.5.1
Node
icingaicingaRange1.8.4
OR
icingaicingaMatch0.8.0
OR
icingaicingaMatch0.8.1
OR
icingaicingaMatch0.8.2
OR
icingaicingaMatch0.8.3
OR
icingaicingaMatch0.8.4
OR
icingaicingaMatch1.0
OR
icingaicingaMatch1.0rc1
OR
icingaicingaMatch1.0.1
OR
icingaicingaMatch1.0.2
OR
icingaicingaMatch1.0.3
OR
icingaicingaMatch1.2.0
OR
icingaicingaMatch1.2.1
OR
icingaicingaMatch1.3.0
OR
icingaicingaMatch1.3.1
OR
icingaicingaMatch1.4.0
OR
icingaicingaMatch1.4.1
OR
icingaicingaMatch1.6.0
OR
icingaicingaMatch1.6.1
OR
icingaicingaMatch1.6.2
OR
icingaicingaMatch1.7.0
OR
icingaicingaMatch1.7.1
OR
icingaicingaMatch1.7.2
OR
icingaicingaMatch1.7.3
OR
icingaicingaMatch1.7.4
OR
icingaicingaMatch1.8.0
OR
icingaicingaMatch1.8.1
OR
icingaicingaMatch1.8.2
OR
icingaicingaMatch1.8.3
OR
icingaicingaMatch1.9.0
OR
icingaicingaMatch1.9.1
OR
icingaicingaMatch1.9.2
OR
icingaicingaMatch1.9.3
OR
icingaicingaMatch1.10.0
OR
icingaicingaMatch1.10.1

Related

openvas 9
nessus 13
securityvulns 7
cvelist 1
alpinelinux 1
checkpoint_advisories 1
debiancve 1
ubuntucve 2
cve 1
prion 1
mageia 1
freebsd 1
osv 3
debian 3
gentoo 1
ubuntu 2
ibm 2
amazon 1
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2014:0156-1)
2021-06-09 00:00:00
Debian: Security Advisory (DLA-60-1)
2023-03-08 00:00:00
Mageia: Security Advisory (MGASA-2014-0010)
2022-01-28 00:00:00
nessus
nessus
openSUSE Security Update : icinga (openSUSE-SU-2014:0069-1)
2014-06-13 00:00:00
SuSE 11.2 / 11.3 Security Update : nagios (SAT Patch Numbers 8726 / 8727)
2014-01-29 00:00:00
openSUSE Security Update : icinga (openSUSE-SU-2014:0097-1)
2014-06-13 00:00:00
securityvulns
securityvulns
Deutsche Telekom CERT Advisory [DTC-A-20140324-004] nagios vulnerability
2014-05-05 00:00:00
[ MDVSA-2014:004 ] nagios
2014-01-19 00:00:00
Deutsche Telekom CERT Advisory [DTC-A-20140324-003] vulnerabilities in icinga
2014-05-05 00:00:00
cvelist
cvelist
CVE-2013-7108
2014-01-14 18:00:00
alpinelinux
alpinelinux
CVE-2013-7108
2014-01-15 16:08:00
checkpoint_advisories
checkpoint_advisories
Nagios core CGI Process_cgivars Off-By-One (CVE-2013-7108)
2014-03-16 00:00:00
debiancve
debiancve
CVE-2013-7108
2014-01-15 16:08:04
ubuntucve
ubuntucve
CVE-2013-7108
2014-01-15 00:00:00
CVE-2013-7205
2014-01-15 00:00:00
cve
cve
CVE-2013-7108
2014-01-15 16:08:04
prion
prion
Heap overflow
2014-01-15 16:08:00
mageia
mageia
Updated nagios package fixes security vulnerability
2014-01-17 04:22:05
freebsd
freebsd
nagios -- denial of service vulnerability
2013-12-20 00:00:00
osv
osv
icinga - security update
2014-09-24 00:00:00
icinga - security update
2014-06-11 00:00:00
nagios3 - security update
2018-12-24 00:00:00
debian
debian
[SECURITY] [DLA 60-1] icinga security update
2014-09-24 16:14:21
[SECURITY] [DSA 2956-1] icinga security update
2014-06-11 14:34:20
[SECURITY] [DLA 1615-1] nagios3 security update
2018-12-24 18:11:01
gentoo
gentoo
Nagios: Multiple vulnerabilities
2014-12-13 00:00:00
ubuntu
ubuntu
Nagios regression
2017-06-07 00:00:00
Nagios vulnerabilities
2017-04-03 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in nagios affect PowerKVM
2018-06-18 01:38:44
Security Bulletin: Vulnerabilities in nagios affect PowerKVM
2018-06-18 01:33:23
amazon
amazon
Important: nagios
2017-10-03 11:00:00

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

7.3 High

AI Score

Confidence

High

0.941 High

EPSS

Percentile

99.2%

JSON
Related for NVD:CVE-2013-7108
openvas9nessus13securityvulns7cvelist1alpinelinux1checkpoint_advisories1debiancve1ubuntucve2cve1prion1mageia1freebsd1osv3debian3gentoo1ubuntu2ibm2amazon1