Vulnerability Name: CVE-2013-0263 (CCN-81978)

Assigned: 2012-12-06
Published: 2013-02-07
Updated: 2023-02-13
Summary:
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low

CVSS v2 Severity: 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial

Vulnerability Consequences: Gain Access

References:

Source: MITRE
Type: CNA
CVE-2013-0263

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: Rack Web site
Rack

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: CCN
Type: RHSA-2013-0638
Moderate: Red Hat OpenShift Enterprise 1.1.2 update

Source: CCN
Type: RHSA-2013-0686
Moderate: Subscription Asset Manager 1.2.1 update

Source: CCN
Type: SA52033
Rack Insecure File Access Security Issue

Source: CCN
Type: SA52134
Rack "Rack::Session::Cookie" Information Disclosure Security Issue

Source: DEBIAN
Type: DSA-2783
librack-ruby -- several vulnerabilities

Source: CCN
Type: BID-57860
Rack Timing Attack Remote Code Execution Vulnerability

Source: XF
Type: UNKNOWN
rack-code-execution(81978)

Source: CCN
Type: Google Groups: Rack Development
Rack 1.4.5, a modular Ruby webserver interface

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20130263 | V | CVE-2013-0263 | 2022-06-30
oval:org.opensuse.security:def:11 | P | automake-1.15.1-2.145 on GA media (Moderate) | 2022-06-13
oval:org.opensuse.security:def:25 | P | chrony-3.2-9.18.1 on GA media (Moderate) | 2022-06-13
oval:org.opensuse.security:def:113400 | P | ruby2.7-rubygem-rack-2.0-2.0.9-1.10 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:113361 | P | ruby2.2-rubygem-rack-1_4-1.4.7-1.8 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:113401 | P | ruby2.7-rubygem-rack-2.2.3-1.7 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:113362 | P | ruby2.2-rubygem-rack-1_6-1.6.5-1.1 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:113399 | P | ruby2.7-rubygem-rack-1_6-1.6.13-1.13 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:106804 | P | Security update for busybox (Important) (in QA) | 2022-01-14
oval:org.opensuse.security:def:106805 | P | Security update for MozillaFirefox (Important) (in QA) | 2022-01-14
oval:org.opensuse.security:def:26188 | P | Security update for gegl (Important) | 2021-12-28
oval:org.opensuse.security:def:55264 | P | Security update for binutils (Moderate) | 2021-11-02
oval:org.opensuse.security:def:55261 | P | Security update for qemu (Important) | 2021-10-28
oval:org.opensuse.security:def:106806 | P | ruby2.7-rubygem-rack-2.2.3-1.7 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:106769 | P | ruby2.2-rubygem-rack-1_6-1.6.5-1.1 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:106768 | P | ruby2.2-rubygem-rack-1_4-1.4.7-1.8 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:55947 | P | Security update for Mesa (Moderate) | 2021-09-16
oval:org.opensuse.security:def:26124 | P | Security update for openssl-1_1 (Low) | 2021-09-09
oval:org.opensuse.security:def:55944 | P | Security update for openexr (Important) | 2021-09-02
oval:org.opensuse.security:def:26112 | P | Security update for sssd (Important) | 2021-08-30
oval:org.opensuse.security:def:26113 | P | Security update for mysql-connector-java (Moderate) | 2021-08-30
oval:org.opensuse.security:def:5091 | P | Security update for libcares2 (Important) | 2021-08-16
oval:org.opensuse.security:def:70788 | P | Security update for the Linux Kernel (Important) | 2021-07-14
oval:org.opensuse.security:def:5069 | P | Security update for openexr (Important) | 2021-06-24
oval:org.opensuse.security:def:5751 | P | Security update for libnettle (Important) | 2021-06-23
oval:org.opensuse.security:def:5060 | P | Security update for libjpeg-turbo (Moderate) | 2021-06-11
oval:org.opensuse.security:def:36563 | P | rubygem-rack-1_4-1.4.5-0.5.8 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:70901 | P | file-5.32-5.22 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:5729 | P | Security update for libX11 (Important) | 2021-06-08
oval:org.opensuse.security:def:5027 | P | Security update for gdm (Important) | 2021-04-28
oval:org.opensuse.security:def:67548 | P | Security update for the Linux Kernel (Important) | 2021-02-09
oval:org.opensuse.security:def:5078 | P | Security update for MozillaFirefox (Important) | 2021-01-29
oval:org.opensuse.security:def:55781 | P | Security update for python (Important) | 2020-12-11
oval:org.opensuse.security:def:55778 | P | Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important) | 2020-12-07
oval:org.opensuse.security:def:55124 | P | Security update for postgresql12 (Important) | 2020-12-04
oval:org.opensuse.security:def:11259 | P | ruby2.1-rubygem-chef-10.32.2-3.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:89545 | P | ruby2.5-rubygem-rack-2.0.3-1.29 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:103200 | P | ruby2.5-rubygem-rack-2.0.3-1.29 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:96510 | P | ruby2.5-rubygem-rack-2.0.3-1.29 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:4800 | P | Security update for xen (Important) | 2020-12-02
oval:org.opensuse.security:def:4846 | P | Security update for skopeo (Important) | 2020-12-02
oval:org.opensuse.security:def:55121 | P | Security update for python3 (Important) | 2020-12-02
oval:org.opensuse.security:def:4893 | P | Security update for graphviz (Low) | 2020-12-02
oval:org.opensuse.security:def:4770 | P | Security update for qemu (Important) | 2020-12-02
oval:org.opensuse.security:def:4908 | P | Security update for xen (Important) | 2020-12-02
oval:org.opensuse.security:def:4927 | P | Security update for mozilla-nss (Moderate) | 2020-12-02
oval:org.opensuse.security:def:5002 | P | Security update for nodejs8 (Critical) | 2020-12-02
oval:org.opensuse.security:def:4778 | P | Security update for libvirt (Important) | 2020-12-02
oval:org.opensuse.security:def:55099 | P | emacs on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:56337 | P | Security update for ImageMagick (Important) | 2020-12-01
oval:org.opensuse.security:def:26454 | P | Security update for python-Jinja2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:56429 | P | Security update for libsoup (Important) | 2020-12-01
oval:org.opensuse.security:def:55098 | P | elfutils on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:56232 | P | Security update for ImageMagick (Important) | 2020-12-01
oval:org.opensuse.security:def:26538 | P | e2fsprogs on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:67448 | P | Security update for freetds (Moderate) | 2020-12-01
oval:org.opensuse.security:def:56503 | P | Security update for libraw (Moderate) | 2020-12-01
oval:org.opensuse.security:def:55102 | P | evince on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:56340 | P | Security update for libvorbis (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26689 | P | ed on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64201 | P | ruby2.5-rubygem-rack on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27526 | P | opensc-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:55499 | P | Security update for mariadb (Important) | 2020-12-01
oval:org.opensuse.security:def:56541 | P | Security update for shadow (Important) | 2020-12-01
oval:org.opensuse.security:def:56432 | P | Security update for libxml2 (Low) | 2020-12-01
oval:org.opensuse.security:def:55101 | P | eog on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26742 | P | libcgroup1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:55672 | P | Security update for flash-player (Important) | 2020-12-01
oval:org.opensuse.security:def:56622 | P | Security update for binutils (Moderate) | 2020-12-01
oval:org.opensuse.security:def:56506 | P | Security update for evince (Important) | 2020-12-01
oval:org.opensuse.security:def:26791 | P | openslp on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:55502 | P | Security update for gdm (Low) | 2020-12-01
oval:org.opensuse.security:def:56544 | P | Security update for rsyslog (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26830 | P | t1lib on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27561 | P | rubygem-rack-1_4 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:55675 | P | Security update for glibc (Important) | 2020-12-01
oval:org.opensuse.security:def:56625 | P | Security update for libssh (Important) | 2020-12-01
oval:org.opensuse.security:def:26316 | P | Recommended update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:26844 | P | xorg-x11-Xvnc on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:56229 | P | Security update for mariadb (Important) | 2020-12-01
oval:org.opensuse.security:def:64114 | P | Security update for mozilla-nspr, mozilla-nss (Important) | 2020-12-01
oval:org.opensuse.security:def:26397 | P | Security update for plasma5-workspace (Important) | 2020-12-01
oval:org.opensuse.security:def:26888 | P | emacs on GA media (Moderate) | 2020-12-01
oval:org.mitre.oval:def:29014 | P | DSA-2783-2 -- librack-ruby -- several vulnerabilities | 2015-08-17
oval:org.mitre.oval:def:19513 | P | DSA-2783-1 librack-ruby - several | 2014-06-23
oval:com.ubuntu.precise:def:20130263000 | V | CVE-2013-0263 on Ubuntu 12.04 LTS (precise) - medium. | 2013-02-08
oval:com.ubuntu.trusty:def:20130263000 | V | CVE-2013-0263 on Ubuntu 14.04 LTS (trusty) - medium. | 2013-02-08
oval:com.ubuntu.xenial:def:20130263000 | V | CVE-2013-0263 on Ubuntu 16.04 LTS (xenial) - medium. | 2013-02-08
oval:com.ubuntu.xenial:def:201302630000000 | V | CVE-2013-0263 on Ubuntu 16.04 LTS (xenial) - medium. | 2013-02-08