CVE-2013-3300

Published Jul 29, 2013

Last updated 12 years ago

CVSS info 4.0

Overview

Description: The JsonParser class in json/JsonParser.scala in Lift before 2.5 interprets a certain end-index value as a length value, which allows remote authenticated users to obtain sensitive information from other users' sessions via invalid input data containing a < (less than) character.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:liftweb:lift:*:rc6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64A7822D-2B0B-43F8-8F2E-607AFDF85792",
            "versionEndIncluding": "2.5"
          },
          {
            "criteria": "cpe:2.3:a:liftweb:lift:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDF2EF6D-AA97-4A6D-A438-1C5C273B4349"
          },
          {
            "criteria": "cpe:2.3:a:liftweb:lift:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76FD44BE-B420-44AE-8C03-EF00B19B7E8F"
          },
          {
            "criteria": "cpe:2.3:a:liftweb:lift:2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "213FC528-8709-4C93-902E-0CFF7A3A3303"
          },
          {
            "criteria": "cpe:2.3:a:liftweb:lift:2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B898631E-54F3-4438-8DAC-27147512D38C"
          },
          {
            "criteria": "cpe:2.3:a:liftweb:lift:2.5:m4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA77D39D-B4B6-4F50-9D9E-FA5808467967"
          },
          {
            "criteria": "cpe:2.3:a:liftweb:lift:2.5:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD29DD85-B67E-41BC-BCD6-058655033773"
          },
          {
            "criteria": "cpe:2.3:a:liftweb:lift:2.5:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D712C21-8577-4D42-9076-68922E2250C4"
          },
          {
            "criteria": "cpe:2.3:a:liftweb:lift:2.5:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3C20517-60A8-4944-8ABF-3FD3EE9B709B"
          },
          {
            "criteria": "cpe:2.3:a:liftweb:lift:2.5:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9F99E35-1946-438E-9ECC-F98F547F743B"
          },
          {
            "criteria": "cpe:2.3:a:liftweb:lift:2.5:rc5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8E40AE5-6A4D-4101-8A75-922A91FA9B5D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References