CVE-2013-7239 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.8 UNKNOWN	ADJACENT_NETWORK	LOW		AV:A/AC:L/Au:N/C:P/I:P/A:N
debian	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 56%

Vendor	Product	Version
memcached	memcached	𝑥 ≤ 1.4.16
memcached	memcached	1.4.0
memcached	memcached	1.4.1
memcached	memcached	1.4.2
memcached	memcached	1.4.3
memcached	memcached	1.4.4
memcached	memcached	1.4.5
memcached	memcached	1.4.6
memcached	memcached	1.4.7
memcached	memcached	1.4.8
memcached	memcached	1.4.9
memcached	memcached	1.4.10
memcached	memcached	1.4.11
memcached	memcached	1.4.12
memcached	memcached	1.4.13
memcached	memcached	1.4.14
memcached	memcached	1.4.15

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

memcached

bullseye	1.6.9+dfsg-1 fixed
squeeze	not-affected
bookworm	1.6.18-1 fixed
trixie	1.6.32-1 fixed
sid	1.6.32-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

memcached

saucy	Fixed 1.4.14-0ubuntu4.1 released
raring	Fixed 1.4.14-0ubuntu1.13.04.1 released
quantal	Fixed 1.4.14-0ubuntu1.12.10.1 released
precise	not-affected
lucid	ignored

Common Weakness Enumeration

CWE-287 - Improper Authentication
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

References

http://seclists.org/oss-sec/2013/q4/572

http://secunia.com/advisories/56183

http://www.debian.org/security/2014/dsa-2832

http://www.securityfocus.com/bid/64559

http://www.ubuntu.com/usn/USN-2080-1

https://code.google.com/p/memcached/wiki/ReleaseNotes1417

http://seclists.org/oss-sec/2013/q4/572

http://secunia.com/advisories/56183

http://www.debian.org/security/2014/dsa-2832

http://www.securityfocus.com/bid/64559

http://www.ubuntu.com/usn/USN-2080-1

https://code.google.com/p/memcached/wiki/ReleaseNotes1417