ID CVE-2013-7402
Summary Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote attackers to cause a denial of service (crash) via a crafted ICAP request.
References
Vulnerable Configurations
  • c-icap project c-icap 0.2.1
    cpe:2.3:a:c-icap_project:c-icap:0.2.1
  • c-icap project c-icap 0.2.2
    cpe:2.3:a:c-icap_project:c-icap:0.2.2
  • c-icap project c-icap 0.2.3
    cpe:2.3:a:c-icap_project:c-icap:0.2.3
  • c-icap project c-icap 0.2.4
    cpe:2.3:a:c-icap_project:c-icap:0.2.4
  • c-icap project c-icap 0.2.5
    cpe:2.3:a:c-icap_project:c-icap:0.2.5
  • c-icap project c-icap 0.2.6
    cpe:2.3:a:c-icap_project:c-icap:0.2.6
CVSS
Base: 5.0 (as of 10-09-2015 - 08:51)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-001.NASL
    description Updated c-icap packages fix security vulnerabilities : Several vulnerabilities were found in c-icap, which could allow a remote attacker to cause c-icap to crash, or have other, unspecified impacts (CVE-2013-7401, CVE-2013-7402).
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 80382
    published 2015-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80382
    title Mandriva Linux Security Advisory : c-icap (MDVSA-2015:001)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201409-07.NASL
    description The remote host is affected by the vulnerability described in GLSA-201409-07 (c-icap: Denial of Service) c-icap contains a flaw in the parse_request() function of request.c that may allow a remote denial of service. The issue is triggered when the buffer fails to contain a ' ' or '?' symbol, which will cause the end pointer to increase and surpass allocated memory. With a specially crafted request (e.g. via the OPTIONS method), a remote attacker can cause a loss of availability for the program. Impact : A remote attacker may cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 77775
    published 2014-09-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77775
    title GLSA-201409-07 : c-icap: Denial of Service
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3101.NASL
    description Several vulnerabilities were found in c-icap, an ICAP server implementation, which could allow a remote attacker to cause c-icap to crash, or have other, unspecified impacts.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 79888
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79888
    title Debian DSA-3101-1 : c-icap - security update
refmap via4
confirm
debian DSA-3101
mandriva MDVSA-2015:001
mlist [oss-security] 20140915 Re: CVE assignment for c-icap Server
secunia
  • 61381
  • 61444
Last major update 10-09-2015 - 11:28
Published 17-12-2014 - 14:59