Vulnerability CVE-2013-1364: Information

Description

The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter.

Severity: MEDIUM (5.0)

URL: https://nvd.nist.gov/vuln/detail/CVE-2013-1364
Published: Dec. 14, 2013
Modified: Dec. 16, 2013
Error type identifier: CWE-287

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
zabbixp9_e2k5.0.12-alt0.p9.35.0.12-alt0.p9.3ALT-PU-2022-6601-1-Fixed
zabbixc9f25.0.12-alt0.p9.25.0.40-alt1ALT-PU-2021-2282-1279423Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://support.zabbix.com/browse/ZBX-6097
    GLSA-201311-15
      http://www.zabbix.com/rn1.8.16.php
      • Vendor Advisory
      55824
      • Vendor Advisory
      http://www.zabbix.com/rn2.0.5rc1.php
      • Vendor Advisory
      57471

          1. Configuration 1

            cpe:2.3:a:zabbix:zabbix:2.0.0:*:*:*:*:*:*:*
            cpe:2.3:a:zabbix:zabbix:2.0.1:*:*:*:*:*:*:*
            cpe:2.3:a:zabbix:zabbix:2.0.4:*:*:*:*:*:*:*
            cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
            End including
            1.8.15
            cpe:2.3:a:zabbix:zabbix:2.0.3:*:*:*:*:*:*:*
            cpe:2.3:a:zabbix:zabbix:2.0.2:*:*:*:*:*:*:*
        VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
        Version: v24.5.1
        Back to top