CVE-2013-3564

NameCVE-2013-3564
DescriptionThe web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
vlc (PTS)stretch3.0.8-0+deb9u1fixed
stretch (security)3.0.11-0+deb9u1fixed
buster3.0.10-0+deb10u1fixed
buster (security)3.0.11-0+deb10u1fixed
bullseye3.0.11-1fixed
sid3.0.11-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
vlcsource(unstable)2.0.7-1

Notes

https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18864

Search for package or bug name: Reporting problems