CVE-2013-4560

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2013-4560
Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt Vendor Advisory
http://jvn.jp/en/jp/JVN37417423/index.html Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141576815022399&w=2 Mailing List Third Party Advisory
http://secunia.com/advisories/55682 Third Party Advisory
http://www.openwall.com/lists/oss-security/2013/11/12/4 Mailing List Third Party Advisory
https://www.debian.org/security/2013/dsa-2795 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
History

04 Mar 2021, 20:12

Type Values Removed Values Added
CVSS v2 : 2.6
v3 : unknown 		v2 : 5.0
v3 : unknown
CWE CWE-399 CWE-416
CPE cpe:2.3:a:lighttpd:lighttpd:1.4.10:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.19:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.8:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.22:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.20:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.12:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.16:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.17:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.15:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.13:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.29:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.23:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.27:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.18:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.31:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.25:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.26:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.24:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.30:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.7:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.28:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.6:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.11:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.14:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.21:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.9:*:*:*:*:*:*:*		 cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
References (DEBIAN) https://www.debian.org/security/2013/dsa-2795 - (DEBIAN) https://www.debian.org/security/2013/dsa-2795 - Third Party Advisory
References (JVN) http://jvn.jp/en/jp/JVN37417423/index.html - (JVN) http://jvn.jp/en/jp/JVN37417423/index.html - Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2013/11/12/4 - (MLIST) http://www.openwall.com/lists/oss-security/2013/11/12/4 - Mailing List, Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html - (SUSE) http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html - Mailing List, Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/55682 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/55682 - Third Party Advisory
References (HP) http://marc.info/?l=bugtraq&m=141576815022399&w=2 - (HP) http://marc.info/?l=bugtraq&m=141576815022399&w=2 - Mailing List, Third Party Advisory

19 Feb 2021, 05:15

Type Values Removed Values Added
References
  • (JVN) http://jvn.jp/en/jp/JVN37417423/index.html -
Information

Published : 2013-11-20 14:12

Updated : 2023-12-10 11:16

NVD link : CVE-2013-4560

Mitre link : CVE-2013-4560

CVE.ORG link : CVE-2013-4560

JSON object : View

Products Affected

opensuse

  • opensuse

lighttpd

  • lighttpd

debian

  • debian_linux
CWE
CWE-416

Use After Free