Unrated severityNVD Advisory· Published Aug 28, 2013· Updated Apr 29, 2026
CVE-2013-2178
CVE-2013-2178
Description
The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request.
Affected products
36cpe:2.3:a:fail2ban:fail2ban:*:*:*:*:*:*:*:*+ 35 more
- cpe:2.3:a:fail2ban:fail2ban:*:*:*:*:*:*:*:*range: <=0.8.9
- cpe:2.3:a:fail2ban:fail2ban:0.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.8.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:fail2ban:fail2ban:0.8.8:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- lists.opensuse.org/opensuse-updates/2014-03/msg00021.htmlnvd
- www.debian.org/security/2013/dsa-2708nvd
- www.openwall.com/lists/oss-security/2013/06/13/7nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17338nvd
- raw.github.com/fail2ban/fail2ban/master/ChangeLognvd
- vndh.net/note:fail2ban-089-denial-servicenvd
News mentions
0No linked articles in our index yet.