CVE-2013-5979: MAC Bypass in Symmetric Encryption

October 2, 2013 (updated August 13, 2018)

This package allows remote attackers to read arbitrary files via a .. in the p parameter to index.php.

References

blog.h3xstream.com/2013/08/esapi-when-authenticated-encryption.html
owasp-esapi-java.googlecode.com/svn/trunk/documentation/ESAPI-security-bulletin1.pdf
www.synacktiv.com/ressources/synacktiv_owasp_esapi_hmac_bypass.pdf
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5679

Detect and mitigate CVE-2013-5979 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →