CVE-2013-3300
Published Jul 29, 2013
Last updated 11 years ago
Overview
- Description
- The JsonParser class in json/JsonParser.scala in Lift before 2.5 interprets a certain end-index value as a length value, which allows remote authenticated users to obtain sensitive information from other users' sessions via invalid input data containing a < (less than) character.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-119
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:liftweb:lift:*:rc6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "64A7822D-2B0B-43F8-8F2E-607AFDF85792",
"versionEndIncluding": "2.5"
},
{
"criteria": "cpe:2.3:a:liftweb:lift:2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CDF2EF6D-AA97-4A6D-A438-1C5C273B4349"
},
{
"criteria": "cpe:2.3:a:liftweb:lift:2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "76FD44BE-B420-44AE-8C03-EF00B19B7E8F"
},
{
"criteria": "cpe:2.3:a:liftweb:lift:2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "213FC528-8709-4C93-902E-0CFF7A3A3303"
},
{
"criteria": "cpe:2.3:a:liftweb:lift:2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B898631E-54F3-4438-8DAC-27147512D38C"
},
{
"criteria": "cpe:2.3:a:liftweb:lift:2.5:m4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BA77D39D-B4B6-4F50-9D9E-FA5808467967"
},
{
"criteria": "cpe:2.3:a:liftweb:lift:2.5:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BD29DD85-B67E-41BC-BCD6-058655033773"
},
{
"criteria": "cpe:2.3:a:liftweb:lift:2.5:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7D712C21-8577-4D42-9076-68922E2250C4"
},
{
"criteria": "cpe:2.3:a:liftweb:lift:2.5:rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B3C20517-60A8-4944-8ABF-3FD3EE9B709B"
},
{
"criteria": "cpe:2.3:a:liftweb:lift:2.5:rc4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F9F99E35-1946-438E-9ECC-F98F547F743B"
},
{
"criteria": "cpe:2.3:a:liftweb:lift:2.5:rc5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F8E40AE5-6A4D-4101-8A75-922A91FA9B5D"
}
],
"operator": "OR"
}
]
}
]