CVE-2019-13484 - Vulnerability Details - OpenCVE

In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of   expansion in appfeed.c.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Xymon	Xymon

Configuration 1 [-]

cpe:2.3:a:xymon:xymon:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/appfeed.c
https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html
https://lists.xymon.com/archive/2019-July/046570.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-08-27T16:26:53

Updated: 2024-08-04T23:57:39.212Z

Reserved: 2019-07-10T00:00:00

Link: CVE-2019-13484

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-08-27T17:15:10.647

Modified: 2024-11-21T04:24:59.657

Link: CVE-2019-13484

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of   expansion in appfeed.c."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-27T16:26:53", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/appfeed.c"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://lists.xymon.com/archive/2019-July/046570.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13484", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of   expansion in appfeed.c."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/appfeed.c", "refsource": "MISC", "url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/appfeed.c"}, {"name": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html", "refsource": "CONFIRM", "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"}, {"name": "https://lists.xymon.com/archive/2019-July/046570.html", "refsource": "CONFIRM", "url": "https://lists.xymon.com/archive/2019-July/046570.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:57:39.212Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/appfeed.c"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://lists.xymon.com/archive/2019-July/046570.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13484", "datePublished": "2019-08-27T16:26:53", "dateReserved": "2019-07-10T00:00:00", "dateUpdated": "2024-08-04T23:57:39.212Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xymon:xymon:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BA8FC24-A087-49B8-B96B-F843CD830399", "versionEndIncluding": "4.3.28", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of   expansion in appfeed.c."}, {"lang": "es", "value": "En Xymon a trav\u00e9s de 4.3.28, existe un desbordamiento de b\u00fafer en el visor de registro de estado CGI debido a \u00a0 expansi\u00f3n en appfeed.c."}], "id": "CVE-2019-13484", "lastModified": "2024-11-21T04:24:59.657", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-27T17:15:10.647", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/appfeed.c"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Release Notes", "Vendor Advisory"], "url": "https://lists.xymon.com/archive/2019-July/046570.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/appfeed.c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Release Notes", "Vendor Advisory"], "url": "https://lists.xymon.com/archive/2019-July/046570.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}