CVE-2013-5663
PAN-OS < 4.0.14, 4.1.x < 4.1.11, 5.0.x < 5.0.2 - Security Policy Bypass via App-ID Cache Pollution
Title source: llmDescription
The App-ID cache feature in Palo Alto Networks PAN-OS before 4.0.14, 4.1.x before 4.1.11, and 5.0.x before 5.0.2 allows remote attackers to bypass intended security policies via crafted requests that trigger invalid caching, as demonstrated by incorrect identification of HTTP traffic as SIP traffic, aka Ref ID 47195.
References (4)
Core 4
Core References
Various Sources x_refsource_confirm
https://security.paloaltonetworks.com/CVE-2013-5663
Various Sources x_refsource_confirm
http://researchcenter.paloaltonetworks.com/2013/01/app-id-cache-pollution-update/
Exploit x_refsource_misc
http://pastie.org/pastes/5568186/text
Various Sources x_refsource_misc
http://cansecwest.com/csw11/Network%20Application%20FW%20vs.%20Contemporary%20Threats%20%28Brad%20Woodberg%20-%20Final%29.pptx
Scores
EPSS
0.0061
EPSS Percentile
69.9%
Details
CWE
CWE-264
Status
published
Products (23)
paloaltonetworks/pan-os
4.0.0
paloaltonetworks/pan-os
4.0.1
paloaltonetworks/pan-os
4.0.2
paloaltonetworks/pan-os
4.0.3
paloaltonetworks/pan-os
4.0.4
paloaltonetworks/pan-os
4.0.5
paloaltonetworks/pan-os
4.0.6
paloaltonetworks/pan-os
4.0.7
paloaltonetworks/pan-os
4.1.0
paloaltonetworks/pan-os
4.1.1
... and 13 more
Published
Aug 31, 2013
Tracked Since
Feb 18, 2026