VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-7n48-35un-aaaj

Essentials
Severities (132)
References (40)
Severity details (42)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-7n48-35un-aaaj
Aliases	CVE-2016-2513 GHSA-fp6p-5xvw-m74f PYSEC-2016-16
Summary	The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-200	Exposure of Sensitive Information to an Unauthorized Actor
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-385	Covert Timing Channel

System	Score	Found at
generic_textual	Medium	http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2513.html
cvssv3.1	3.1	http://rhn.redhat.com/errata/RHSA-2016-0502.html
generic_textual	LOW	http://rhn.redhat.com/errata/RHSA-2016-0502.html
cvssv3.1	3.1	http://rhn.redhat.com/errata/RHSA-2016-0504.html
generic_textual	LOW	http://rhn.redhat.com/errata/RHSA-2016-0504.html
cvssv3.1	3.1	http://rhn.redhat.com/errata/RHSA-2016-0505.html
generic_textual	LOW	http://rhn.redhat.com/errata/RHSA-2016-0505.html
cvssv3.1	3.1	http://rhn.redhat.com/errata/RHSA-2016-0506.html
generic_textual	LOW	http://rhn.redhat.com/errata/RHSA-2016-0506.html
rhas	Moderate	https://access.redhat.com/errata/RHSA-2016:0502
rhas	Moderate	https://access.redhat.com/errata/RHSA-2016:0503
rhas	Moderate	https://access.redhat.com/errata/RHSA-2016:0504
rhas	Moderate	https://access.redhat.com/errata/RHSA-2016:0505
rhas	Moderate	https://access.redhat.com/errata/RHSA-2016:0506
epss	0.00717	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00723	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00723	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00723	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00723	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00723	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00723	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00723	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00723	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00723	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00723	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00723	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00765	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00765	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00765	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00765	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00799	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00799	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00799	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00799	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00799	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00799	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00799	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00799	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00799	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00799	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00799	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00799	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00799	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00799	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00799	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00799	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00799	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.00799	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01082	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01086	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01086	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
epss	0.01086	https://api.first.org/data/v1/epss?cve=CVE-2016-2513
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=1311438
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2512
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2513
cvssv3.1_qr	LOW	https://github.com/advisories/GHSA-fp6p-5xvw-m74f
cvssv3.1	3.7	https://github.com/django/django
generic_textual	MODERATE	https://github.com/django/django
cvssv3.1	3.1	https://github.com/django/django/commit/67b46ba7016da2d259c1ecc7d666d11f5e1cfaab
generic_textual	LOW	https://github.com/django/django/commit/67b46ba7016da2d259c1ecc7d666d11f5e1cfaab
cvssv3.1	3.1	https://github.com/django/django/commit/af7d09b0c5c6ab68e629fd9baf736f9dd203b18e
generic_textual	LOW	https://github.com/django/django/commit/af7d09b0c5c6ab68e629fd9baf736f9dd203b18e
cvssv3.1	3.1	https://github.com/django/django/commit/f4e6e02f7713a6924d16540be279909ff4091eb6
generic_textual	LOW	https://github.com/django/django/commit/f4e6e02f7713a6924d16540be279909ff4091eb6
cvssv3.1	3.1	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-16.yaml
generic_textual	LOW	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-16.yaml
cvssv2	2.6	https://nvd.nist.gov/vuln/detail/CVE-2016-2513
cvssv3	3.1	https://nvd.nist.gov/vuln/detail/CVE-2016-2513
generic_textual	Medium	https://ubuntu.com/security/notices/USN-2915-1
cvssv3.1	3.1	https://web.archive.org/web/20160322001143/http://www.securitytracker.com/id/1035152
generic_textual	LOW	https://web.archive.org/web/20160322001143/http://www.securitytracker.com/id/1035152
cvssv3.1	3.1	https://web.archive.org/web/20200228001222/http://www.securityfocus.com/bid/83878
generic_textual	LOW	https://web.archive.org/web/20200228001222/http://www.securityfocus.com/bid/83878
cvssv3.1	3.1	https://www.djangoproject.com/weblog/2016/mar/01/security-releases
generic_textual	LOW	https://www.djangoproject.com/weblog/2016/mar/01/security-releases
generic_textual	Medium	https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
cvssv3.1	3.1	http://www.debian.org/security/2016/dsa-3544
generic_textual	LOW	http://www.debian.org/security/2016/dsa-3544
cvssv3.1	8.8	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
generic_textual	HIGH	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
cvssv3.1	3.1	http://www.ubuntu.com/usn/USN-2915-1
generic_textual	LOW	http://www.ubuntu.com/usn/USN-2915-1
cvssv3.1	3.1	http://www.ubuntu.com/usn/USN-2915-2
generic_textual	LOW	http://www.ubuntu.com/usn/USN-2915-2
cvssv3.1	3.1	http://www.ubuntu.com/usn/USN-2915-3
generic_textual	LOW	http://www.ubuntu.com/usn/USN-2915-3

Reference id	Reference type	URL
		http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2513.html
		http://rhn.redhat.com/errata/RHSA-2016-0502.html
		http://rhn.redhat.com/errata/RHSA-2016-0504.html
		http://rhn.redhat.com/errata/RHSA-2016-0505.html
		http://rhn.redhat.com/errata/RHSA-2016-0506.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2513.json
		https://api.first.org/data/v1/epss?cve=CVE-2016-2513
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2512
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2513
		https://github.com/django/django
		https://github.com/django/django/commit/67b46ba7016da2d259c1ecc7d666d11f5e1cfaab
		https://github.com/django/django/commit/af7d09b0c5c6ab68e629fd9baf736f9dd203b18e
		https://github.com/django/django/commit/f4e6e02f7713a6924d16540be279909ff4091eb6
		https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-16.yaml
		https://ubuntu.com/security/notices/USN-2915-1
		https://web.archive.org/web/20160322001143/http://www.securitytracker.com/id/1035152
		https://web.archive.org/web/20200228001222/http://www.securityfocus.com/bid/83878
		https://www.djangoproject.com/weblog/2016/mar/01/security-releases
		https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
		http://www.debian.org/security/2016/dsa-3544
		http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
		http://www.securityfocus.com/bid/83878
		http://www.securitytracker.com/id/1035152
		http://www.ubuntu.com/usn/USN-2915-1
		http://www.ubuntu.com/usn/USN-2915-2
		http://www.ubuntu.com/usn/USN-2915-3
1311438		https://bugzilla.redhat.com/show_bug.cgi?id=1311438
816434		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816434
cpe:2.3:a:djangoproject:django:1.8.9:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.9:::::::*
cpe:2.3:a:djangoproject:django:1.9:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9:::::::*
cpe:2.3:a:djangoproject:django:1.9.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.1:::::::*
cpe:2.3:a:djangoproject:django:1.9.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.2:::::::*
CVE-2016-2513		https://nvd.nist.gov/vuln/detail/CVE-2016-2513
GHSA-fp6p-5xvw-m74f		https://github.com/advisories/GHSA-fp6p-5xvw-m74f
RHSA-2016:0502		https://access.redhat.com/errata/RHSA-2016:0502
RHSA-2016:0503		https://access.redhat.com/errata/RHSA-2016:0503
RHSA-2016:0504		https://access.redhat.com/errata/RHSA-2016:0504
RHSA-2016:0505		https://access.redhat.com/errata/RHSA-2016:0505
RHSA-2016:0506		https://access.redhat.com/errata/RHSA-2016:0506
USN-2915-1		https://usn.ubuntu.com/2915-1/

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N Found at http://rhn.redhat.com/errata/RHSA-2016-0502.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N Found at http://rhn.redhat.com/errata/RHSA-2016-0504.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N Found at http://rhn.redhat.com/errata/RHSA-2016-0505.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N Found at http://rhn.redhat.com/errata/RHSA-2016-0506.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/django/django

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://github.com/django/django/commit/67b46ba7016da2d259c1ecc7d666d11f5e1cfaab

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://github.com/django/django/commit/af7d09b0c5c6ab68e629fd9baf736f9dd203b18e

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://github.com/django/django/commit/f4e6e02f7713a6924d16540be279909ff4091eb6

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-16.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-2513

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-2513

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://web.archive.org/web/20160322001143/http://www.securitytracker.com/id/1035152

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://web.archive.org/web/20200228001222/http://www.securityfocus.com/bid/83878

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://www.djangoproject.com/weblog/2016/mar/01/security-releases

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N Found at http://www.debian.org/security/2016/dsa-3544

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N Found at http://www.ubuntu.com/usn/USN-2915-1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N Found at http://www.ubuntu.com/usn/USN-2915-2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N Found at http://www.ubuntu.com/usn/USN-2915-3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.56864
EPSS Score	0.00717
Published At	March 29, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.