Back to search
CVE-2013-6765
Published: May 19, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information, which causes the state to be set to CLIENT_AUTHENTIC, as demonstrated by the omp_xml_handle_end_element function in omp.c.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[Openvas-announce] 20131108 Security Releases for OpenVAS-5 and OpenVAS-6
mailing-list
x_refsource_MLIST
[oss-security] 20131110 CVE-2013-6765 CVE-2013-6766 for OpenVAS 4.0.4/1.3.2/etc.
mailing-list
x_refsource_MLIST
http://www.openvas.org/OVSA20131108.html
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now