CVE-2013-2138

Published: Oct 10, 2013

Modified: Sep 16, 2024

PUBLISHED

Description

The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugzilla.redhat.com/show_bug.cgi?id=970596

x_refsource_CONFIRM

https://github.com/gallery/gallery3/commit/3e5bba2cd4febe8331c0158c11ea418f21c72efa

x_refsource_CONFIRM

http://galleryproject.org/gallery_3_0_8

x_refsource_MISC

[oss-security] 20130604 Re: CVE Request -- Gallery < 3.0.8 - Improper stripping of URL fragments in uploadify and flowplayer SWF files might lead to replay attacks

mailing-list

x_refsource_MLIST

https://github.com/gallery/gallery3/commit/80bb0f2222dd99ed2ce59e804b833bab63cc376a

x_refsource_CONFIRM

http://sourceforge.net/apps/trac/gallery/ticket/2070

x_refsource_CONFIRM

http://sourceforge.net/apps/trac/gallery/ticket/2068

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2013-2138

Description

Affected Products

References