V-150: Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges

May 7, 2013 - 12:01am

PROBLEM:

Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges

PLATFORM:

Apache VCL Versions: 2.1, 2.2, 2.2.1, 2.3, 2.3.1

ABSTRACT:

A vulnerability was reported in Apache VCL.

REFERENCE LINKS:

Apache
Securelist
SecurityTracker Alert ID: 1028515
CVE-2013-0267

IMPACT ASSESSMENT:

Medium

DISCUSSION:

A remote authenticated administrative user with minimal administrative privileges (i.e., nodeAdmin, manageGroup, resourceGrant, or userGrant) can send specially crafted data via the web interface or XMLRPC API to gain additional administrative privileges.

IMPACT:

A remote authenticated user can obtain elevated privileges on the target system.

SOLUTION:

The vendor has issued a fix (2.2.2, 2.3.2).
