Your submission was sent successfully! Close

CVE-2013-2178

Published: 28 August 2013

The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request.

Priority

Medium

Status

Package Release Status
fail2ban
Launchpad, Ubuntu, Debian
Upstream
Released (0.8.10)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(0.8.10-1)