{"containers":{"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2013-06-08T00:00:00.000Z","descriptions":[{"lang":"en","value":"The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-09-18T12:57:01.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"oval:org.mitre.oval:def:17338","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17338"},{"name":"[oss-security] 20130613 Re: Re: Fail2ban 0.8.9, Denial of Service (Apache  rules only)","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2013/06/13/7"},{"name":"DSA-2708","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2013/dsa-2708"},{"name":"openSUSE-SU-2014:0348","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-updates/2014-03/msg00021.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://raw.github.com/fail2ban/fail2ban/master/ChangeLog"},{"tags":["x_refsource_MISC"],"url":"https://vndh.net/note:fail2ban-089-denial-service"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-06T15:27:41.112Z"},"title":"CVE Program Container","references":[{"name":"oval:org.mitre.oval:def:17338","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17338"},{"name":"[oss-security] 20130613 Re: Re: Fail2ban 0.8.9, Denial of Service (Apache  rules only)","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2013/06/13/7"},{"name":"DSA-2708","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2013/dsa-2708"},{"name":"openSUSE-SU-2014:0348","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-updates/2014-03/msg00021.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://raw.github.com/fail2ban/fail2ban/master/ChangeLog"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://vndh.net/note:fail2ban-089-denial-service"}]}]},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2013-2178","datePublished":"2013-08-28T17:18:00.000Z","dateReserved":"2013-02-19T00:00:00.000Z","dateUpdated":"2024-08-06T15:27:41.112Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}