Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation

A vulnerability was found in Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5. It has been declared as critical. Affected by this vulnerability is an unknown code block of the component Block Handler. The manipulation as part of a Argument leads to a privilege escalation vulnerability. The CWE definition for the vulnerability is CWE-269. As an impact it is known to affect confidentiality, integrity, and availability.

The weakness was presented 07/29/2019. The advisory is shared at lists.apache.org. This vulnerability is known as CVE-2018-11773 since 06/05/2018. Neither technical details nor an exploit are publicly available.

Upgrading to version 2.5.1 eliminates this vulnerability.

See 138914 and 138912 for similar entries.

Vendor

• Venustech

Name

• Apache VCL

• 🔒
• 🔒
• 🔒

• 🔒
• 🔒
• 🔒

VulDB Meta Base Score: 5.5
VulDB Meta Temp Score: 5.3

VulDB Base Score: ≈5.5
VulDB Temp Score: ≈5.3
VulDB Vector: 🔒
VulDB Reliability: 🔍

VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Class: Privilege escalation (CWE-269)
Local: Yes
Remote: No

Availability: 🔒
Status: Not defined

Price Prediction: 🔍
Current Price Estimation: 🔒

Threat Intelligenceinfoedit

Threat: 🔍
Adversaries: 🔍
Geopolitics: 🔍
Economy: 🔍
Predictions: 🔍
Remediation: 🔍Recommended: Upgrade
Status: 🔍

0-Day Time: 🔒

Upgrade: Apache VCL 2.5.1

06/05/2018 CVE assigned
07/29/2019 +419 days Advisory disclosed
07/30/2019 +1 days VulDB entry created
07/30/2019 +0 days VulDB last updateAdvisory: lists.apache.org

CVE: CVE-2018-11773 (🔒)
See also: 🔒

Created: 07/30/2019 08:19 AM
Complete: 🔍

Comments

Comments are closed.