CVE-2012-5642
Published: Dec 31, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via unspecified symbols in this content.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
[oss-security] 20121217 Re: CVE request: fail2ban 0.8.8 fixes an input variable quoting flaw on <matches> content
mailing-list
x_refsource_MLIST
https://github.com/fail2ban/fail2ban/commit/83109bc
x_refsource_CONFIRM
[fail2ban-users] 20121206 0.8.8 release
mailing-list
x_refsource_MLIST
https://raw.github.com/fail2ban/fail2ban/master/ChangeLog
x_refsource_CONFIRM
https://bugs.gentoo.org/show_bug.cgi?id=447572
x_refsource_CONFIRM
openSUSE-SU-2013:0567
vendor-advisory
x_refsource_SUSE
https://bugzilla.redhat.com/show_bug.cgi?id=887914
x_refsource_CONFIRM
MDVSA-2013:078
vendor-advisory
x_refsource_MANDRIVA
openSUSE-SU-2013:0566
vendor-advisory
x_refsource_SUSE