CVE-2013-3564

NameCVE-2013-3564
DescriptionThe web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
vlc (PTS)stretch3.0.11-0+deb9u1fixed
stretch (security)3.0.11-0+deb9u2fixed
buster, buster (security)3.0.12-0+deb10u1fixed
bookworm, sid, bullseye3.0.16-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
vlcsource(unstable)2.0.7-1

Notes

https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18864

Search for package or bug name: Reporting problems