CVE-2013-6766
19.05.2014, 14:55
OpenVAS Administrator 1.2 before 1.2.2 and 1.3 before 1.3.2 allows remote attackers to bypass the OAP authentication restrictions and execute OAP commands via a crafted OAP request for version information, which causes the state to be set to CLIENT_AUTHENTIC.Enginsight
| Vendor | Product | Version |
|---|---|---|
| openvas | openvas_administrator | 1.2:rc1 |
| openvas | openvas_administrator | 1.2.0 |
| openvas | openvas_administrator | 1.2.1 |
| openvas | openvas_administrator | 1.3:beta1 |
| openvas | openvas_administrator | 1.3:rc1 |
| openvas | openvas_administrator | 1.3.0 |
| openvas | openvas_administrator | 1.3.1 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Common Weakness Enumeration
References