CVE-2013-7239 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.8 UNKNOWN	ADJACENT_NETWORK	LOW		AV:A/AC:L/Au:N/C:P/I:P/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 56%

Affected Products (NVD)

Vendor	Product	Version
memcached	memcached	𝑥 ≤ 1.4.16
memcached	memcached	1.4.0
memcached	memcached	1.4.1
memcached	memcached	1.4.2
memcached	memcached	1.4.3
memcached	memcached	1.4.4
memcached	memcached	1.4.5
memcached	memcached	1.4.6
memcached	memcached	1.4.7
memcached	memcached	1.4.8
memcached	memcached	1.4.9
memcached	memcached	1.4.10
memcached	memcached	1.4.11
memcached	memcached	1.4.12
memcached	memcached	1.4.13
memcached	memcached	1.4.14
memcached	memcached	1.4.15

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

memcached

bookworm	1.6.18-1 fixed
bullseye	1.6.9+dfsg-1 fixed
sid	1.6.32-2 fixed
squeeze	not-affected
trixie	1.6.32-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

memcached

lucid	ignored
precise	not-affected
quantal	Fixed 1.4.14-0ubuntu1.12.10.1 released
raring	Fixed 1.4.14-0ubuntu1.13.04.1 released
saucy	Fixed 1.4.14-0ubuntu4.1 released

Common Weakness Enumeration

CWE-287 - Improper Authentication
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

References

http://seclists.org/oss-sec/2013/q4/572

http://secunia.com/advisories/56183

http://www.debian.org/security/2014/dsa-2832

http://www.securityfocus.com/bid/64559

http://www.ubuntu.com/usn/USN-2080-1

https://code.google.com/p/memcached/wiki/ReleaseNotes1417

http://seclists.org/oss-sec/2013/q4/572

http://secunia.com/advisories/56183

http://www.debian.org/security/2014/dsa-2832

http://www.securityfocus.com/bid/64559

http://www.ubuntu.com/usn/USN-2080-1

https://code.google.com/p/memcached/wiki/ReleaseNotes1417