Skip to main content

Security Appscan CVE-2013-0512

MEDIUM
Buffer Overflow (CWE-119)
2013-03-29 psirt@us.ibm.com
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:N/A:P
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
None
Availability
P

Lifecycle Timeline

1
CVE Published
Mar 29, 2013 - 16:09 cve.org
MEDIUM 4.3

DescriptionCVE.org

Stack-based buffer overflow in the Manual Explore browser plug-in for Firefox in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to cause a denial of service (plug-in crash) via a crafted web page.

AnalysisAI

Stack-based buffer overflow in the Manual Explore browser plug-in for Firefox in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Stack-based buffer overflow in the Manual Explore browser plug-in for Firefox in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to cause a denial of service (plug-in crash) via a crafted web page. Affected products include: Ibm Security Appscan, Ibm Rational Policy Tester. Version information: before 8.7.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2014-6119 CRITICAL
9.3 Dec 23

IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.

CVE-2014-0904 HIGH
7.6 Mar 26

The update process in IBM Security AppScan Standard 7.9 through 8.8 does not require integrity checks of downloaded file

CVE-2016-9981 HIGH
8.1 Aug 02

IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerability that could allow an attacker to hijack a valid

CVE-2016-6042 HIGH
7.3 Feb 01

IBM AppScan Enterprise Edition could allow a remote attacker to execute arbitrary code on the system, caused by improper

CVE-2013-0513 HIGH
7.2 Mar 29

IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 create

CVE-2013-0532 MEDIUM
6.8 Mar 29

Cross-site request forgery (CSRF) vulnerability in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Ration

CVE-2016-0288 MEDIUM
6.5 Jun 01

IBM Security AppScan Standard 8.7.x, 8.8.x, and 9.x before 9.0.3.2 and Security AppScan Enterprise allow remote authenti

CVE-2013-0511 MEDIUM
6.5 Mar 29

Multiple SQL injection vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 allow remote authentica

CVE-2012-0741 MEDIUM
5.8 Dec 28

IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certifica

CVE-2012-0738 MEDIUM
5.8 Dec 28

IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certifica

CVE-2014-8918 MEDIUM
5.8 Feb 02

IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 does not properly verify X.509 certificates from SSL server

CVE-2014-6122 MEDIUM
5.5 Dec 23

IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.

Share

CVE-2013-0512 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy