Vulnerability Name:

CVE-2013-1841 (CCN-82900)

Assigned: 2013-03-16
Published: 2013-03-16
Updated: 2017-08-29
Summary: Net-Server, when the reverse-lookups option is enabled, does not check if the hostname resolves to the source IP address, which might allow remote attackers to bypass ACL restrictions via the hostname parameter.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
4.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
4.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-264
Vulnerability Consequences: Bypass Security
References:

Source: MITRE
Type: CNA
CVE-2013-1841

Source: CCN
Type: Net-Server Web site
Net::Server - search.cpan.org

Source: MLIST
Type: UNKNOWN
[oss-security] 20130304 Reverse lookup issue in Net::Server

Source: MLIST
Type: UNKNOWN
[oss-security] 20130311 Re: Reverse lookup issue in Net::Server

Source: BID
Type: UNKNOWN
58309

Source: CCN
Type: BID-58309
Net-Server 'allow_deny()' Function Security Bypass Vulnerability

Source: CCN
Type: Red Hat Bugzilla Bug 920683
CVE-2013-1841 perl-Net-Server: Improper reverse DNS matching check for the given hostname

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=920683

Source: XF
Type: UNKNOWN
netserver-cve20131841-security-bypass(82900)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-1841

Vulnerable Configuration: Configuration 1:
  • cpe:/a:seamons:net-server:-:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.opensuse.security:def:7746 | P | perl-Net-Server-2.009-150000.3.3.1 on GA media (Moderate) | 2023-06-12 |
| oval:com.ubuntu.bionic:def:201318410000000 | V | CVE-2013-1841 on Ubuntu 18.04 LTS (bionic) - low. | 2014-06-13 |
| oval:com.ubuntu.artful:def:20131841000 | V | CVE-2013-1841 on Ubuntu 17.10 (artful) - low. | 2014-06-13 |
| oval:com.ubuntu.trusty:def:20131841000 | V | CVE-2013-1841 on Ubuntu 14.04 LTS (trusty) - low. | 2014-06-13 |
| oval:com.ubuntu.xenial:def:201318410000000 | V | CVE-2013-1841 on Ubuntu 16.04 LTS (xenial) - low. | 2014-06-13 |
| oval:com.ubuntu.bionic:def:20131841000 | V | CVE-2013-1841 on Ubuntu 18.04 LTS (bionic) - low. | 2014-06-13 |
| oval:com.ubuntu.xenial:def:20131841000 | V | CVE-2013-1841 on Ubuntu 16.04 LTS (xenial) - low. | 2014-06-13 |
| oval:com.ubuntu.disco:def:201318410000000 | V | CVE-2013-1841 on Ubuntu 19.04 (disco) - low. | 2014-06-13 |
| oval:com.ubuntu.cosmic:def:20131841000 | V | CVE-2013-1841 on Ubuntu 18.10 (cosmic) - low. | 2014-06-13 |
| oval:com.ubuntu.cosmic:def:201318410000000 | V | CVE-2013-1841 on Ubuntu 18.10 (cosmic) - low. | 2014-06-13 |
| oval:com.ubuntu.precise:def:20131841000 | V | CVE-2013-1841 on Ubuntu 12.04 LTS (precise) - low. | 2014-06-13 |