Search for vulnerabilities
Vulnerability details: VCID-g67c-gst6-aaak
Vulnerability ID VCID-g67c-gst6-aaak
Aliases CVE-2013-4560
Summary Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
generic_textual Medium http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-4560.html
epss 0.02891 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.02891 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.02891 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.02891 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.02891 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.02891 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.02891 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.02891 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.02891 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.02891 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.02891 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.03998 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.03998 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.03998 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.03998 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.03998 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.03998 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.03998 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.07436 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.07436 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.07436 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.07436 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.10235 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.10235 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.10235 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.13286 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
epss 0.20438 https://api.first.org/data/v1/epss?cve=CVE-2013-4560
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4508
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4559
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4560
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2013-4560
Reference id Reference type URL
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt
http://jvn.jp/en/jp/JVN37417423/index.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html
http://marc.info/?l=bugtraq&m=141576815022399&w=2
http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-4560.html
https://api.first.org/data/v1/epss?cve=CVE-2013-4560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4508
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4559
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4560
http://secunia.com/advisories/55682
https://www.debian.org/security/2013/dsa-2795
http://www.openwall.com/lists/oss-security/2013/11/12/4
729453 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729453
cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
CVE-2013-4560 https://nvd.nist.gov/vuln/detail/CVE-2013-4560
GLSA-201406-10 https://security.gentoo.org/glsa/201406-10
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2013-4560
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.91045
EPSS Score 0.02891
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.