CVE-2013-7239
NONE EPSS 63.9%
Published Jan 13, 201412y ago · Modified Jun 17, 20262w ago
Published Jan 13, 2014 12y ago
Last Modified Jun 17, 2026 2w ago
Description
memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials.
Threat Intelligence
EPSS Exploit Probability
63.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-287 Improper Authentication Authentication
Affected Products 17
| Vendor | Product | Version | Range |
|---|---|---|---|
| memcached | memcached | * | ≤1.4.16 |
| memcached | memcached | 1.4.0 | any |
| memcached | memcached | 1.4.1 | any |
| memcached | memcached | 1.4.2 | any |
| memcached | memcached | 1.4.3 | any |
| memcached | memcached | 1.4.4 | any |
| memcached | memcached | 1.4.5 | any |
| memcached | memcached | 1.4.6 | any |
| memcached | memcached | 1.4.7 | any |
| memcached | memcached | 1.4.8 | any |
| memcached | memcached | 1.4.9 | any |
| memcached | memcached | 1.4.10 | any |
| memcached | memcached | 1.4.11 | any |
| memcached | memcached | 1.4.12 | any |
| memcached | memcached | 1.4.13 | any |
| memcached | memcached | 1.4.14 | any |
| memcached | memcached | 1.4.15 | any |
References 6
- seclists.org http://seclists.org/oss-sec/2013/q4/572
- secunia.com http://secunia.com/advisories/56183
- debian.org http://www.debian.org/security/2014/dsa-2832
- securityfocus.com http://www.securityfocus.com/bid/64559
- ubuntu.com http://www.ubuntu.com/usn/USN-2080-1
- code.google.com https://code.google.com/p/memcached/wiki/ReleaseNotes1417
Remediation
- code.google.com https://code.google.com/p/memcached/wiki/ReleaseNotes1417