QwikSec

Security Database

CVE

CWE

Training

CVE-2013-0267

Published: Feb 21, 2018

Modified: Aug 6, 2024

PUBLISHED

Description

The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scripting (XSS) attacks by leveraging improper data validation.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[www-announce] 20130506 Apache VCL improper input validation

mailing-list

x_refsource_MLIST

https://github.com/apache/vcl/commit/56c0f040056d6ad8693b20cfd3351367c2ffeabc#diff-2567a5ec9705eb7ac2c984033e06189d

x_refsource_CONFIRM

[vcl-commits] 20190729 svn commit: r1048217 - in /websites/staging/vcl/trunk/content: ./ security.html

mailing-list

x_refsource_MLIST

[vcl-commits] 20190729 svn commit: r1863947 - /vcl/site/trunk/content/security.mdtext

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.