CVE-2013-1364
Zabbix < 1.8.16 and 2.x < 2.0.5rc1 - Improper Authentication via LDAP Configuration Override
Title source: llmDescription
The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter.
References (6)
Core 6
Core References
Various Sources x_refsource_confirm
https://support.zabbix.com/browse/ZBX-6097
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/57471
Vendor Advisory x_refsource_confirm
http://www.zabbix.com/rn1.8.16.php
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201311-15.xml
Vendor Advisory x_refsource_confirm
http://www.zabbix.com/rn2.0.5rc1.php
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/55824
Scores
EPSS
0.0217
EPSS Percentile
80.0%
Details
CWE
CWE-287
Status
published
Products (6)
zabbix/zabbix
2.0.0
zabbix/zabbix
2.0.1
zabbix/zabbix
2.0.2
zabbix/zabbix
2.0.3
zabbix/zabbix
2.0.4
zabbix/zabbix
< 1.8.15
Published
Dec 14, 2013
Tracked Since
Feb 18, 2026