CVE-2013-1364

Zabbix < 1.8.15 - Authentication Bypass

Title source: rule

Description

The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter.

References (6)

[Vendor Advisory] http://secunia.com/advisories/55824

[Vendor Advisory] http://www.zabbix.com/rn1.8.16.php

[Vendor Advisory] http://www.zabbix.com/rn2.0.5rc1.php

[Various Sources] https://support.zabbix.com/browse/ZBX-6097

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/57471

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-201311-15.xml

Scores

EPSS 0.0044

EPSS Percentile 62.9%

Classification

CWE

CWE-287

Status draft

Affected Products (6)

zabbix/zabbix < 1.8.15

zabbix/zabbix

zabbix/zabbix

zabbix/zabbix

zabbix/zabbix

zabbix/zabbix

Timeline

Published Dec 14, 2013

Tracked Since Feb 18, 2026