CVE-2013-7239
memcached < 1.4.17 - Authentication Bypass via Invalid SASL Request
Title source: llmDescription
memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/64559
Patch x_refsource_confirm
https://code.google.com/p/memcached/wiki/ReleaseNotes1417
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2013/q4/572
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2080-1
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-2832
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/56183
Scores
EPSS
0.0118
EPSS Percentile
63.8%
Details
CWE
CWE-287
Status
published
Products (17)
memcached/memcached
1.4.0
memcached/memcached
1.4.1
memcached/memcached
1.4.2
memcached/memcached
1.4.3
memcached/memcached
1.4.4
memcached/memcached
1.4.5
memcached/memcached
1.4.6
memcached/memcached
1.4.7
memcached/memcached
1.4.8
memcached/memcached
1.4.9
... and 7 more
Published
Jan 13, 2014
Tracked Since
Feb 18, 2026