CVE-2013-1770 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:P/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 60%

Affected Products (NVD)

Vendor	Product	Version
ganglia	ganglia-web	3.5.7

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

ganglia

bookworm	3.7.2-6 fixed
bullseye	3.7.2-4 fixed
sid	3.7.2-7 fixed
squeeze	no-dsa
wheezy	no-dsa

ganglia-web

bookworm	3.7.5+debian-4 fixed
bullseye	3.7.5+debian-3 fixed
sid	3.7.6+debian-1 fixed
squeeze	no-dsa
trixie	3.7.6+debian-1 fixed
wheezy	no-dsa

Ubuntu Releases

Ubuntu Product

Codename

ganglia

hardy	dne
lucid	not-affected
oneiric	not-affected
precise	not-affected
quantal	not-affected

Known Exploits!

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://secunia.com/advisories/52673

http://www.openwall.com/lists/oss-security/2013/02/21/12

http://www.openwall.com/lists/oss-security/2013/02/26/11

https://bugzilla.redhat.com/show_bug.cgi?id=892823

https://exchange.xforce.ibmcloud.com/vulnerabilities/82468

https://github.com/ganglia/ganglia-web/commit/552965f33bf79d41ccbec3f1f26840c8bab54ad6

https://github.com/ganglia/ganglia-web/issues/160

http://secunia.com/advisories/52673

http://www.openwall.com/lists/oss-security/2013/02/21/12

http://www.openwall.com/lists/oss-security/2013/02/26/11

https://bugzilla.redhat.com/show_bug.cgi?id=892823

https://exchange.xforce.ibmcloud.com/vulnerabilities/82468

https://github.com/ganglia/ganglia-web/commit/552965f33bf79d41ccbec3f1f26840c8bab54ad6

https://github.com/ganglia/ganglia-web/issues/160