Published: 13/01/2014 Updated: 25/03/2018

CVSS v2 Base Score: 4.8 | Impact Score: 4.9 | Exploitability Score: 6.5

VMScore: 427

Vector: AV:A/AC:L/Au:N/C:P/I:P/A:N

memcached prior to 1.4.17 allows remote malicious users to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials.

Vulnerable Product	Search on Vulmon	Subscribe to Product
memcached memcached 1.4.0
memcached memcached 1.4.15
memcached memcached
memcached memcached 1.4.9
memcached memcached 1.4.13
memcached memcached 1.4.14
memcached memcached 1.4.7
memcached memcached 1.4.8
memcached memcached 1.4.11
memcached memcached 1.4.12
memcached memcached 1.4.5
memcached memcached 1.4.6
memcached memcached 1.4.1
memcached memcached 1.4.10
memcached memcached 1.4.2
memcached memcached 1.4.3
memcached memcached 1.4.4

Several security issues were fixed in Memcached ...

Debian Bug report logs - #706426 memcached: CVE-2011-4971: remote denial of service Package: memcached; Maintainer for memcached is Guillaume Delacour <gui@iroqwaorg>; Source for memcached is src:memcached (PTS, buildd, popcon) Reported by: Henri Salo <henri@nervfi> Date: Tue, 30 Apr 2013 06:30:02 UTC Severity: im ...

Debian Bug report logs - #733643 memcached: CVE-2013-7239: SASL authentication allows wrong credentials to access memcache Package: memcached; Maintainer for memcached is Guillaume Delacour <gui@iroqwaorg>; Source for memcached is src:memcached (PTS, buildd, popcon) Reported by: Salvatore Bonaccorso <carnil@debianorg&gt ...

Multiple vulnerabilities have been found in memcached, a high-performance memory object caching system The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2011-4971 Stefan Bucur reported that memcached could be caused to crash by sending a specially crafted packet CVE-2013-7239 It was reported that S ...

memcached before 1417 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials ...

CWE-287 https://code.google.com/p/memcached/wiki/ReleaseNotes1417 http://secunia.com/advisories/56183 http://seclists.org/oss-sec/2013/q4/572 http://www.debian.org/security/2014/dsa-2832 http://www.ubuntu.com/usn/USN-2080-1 http://www.securityfocus.com/bid/64559 https://nvd.nist.gov https://usn.ubuntu.com/2080-1/https://access.redhat.com/security/cve/cve-2013-7239

CVE-2013-7239

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect