CVE-2013-4365
CVE-2013-4365 is a high-severity vulnerability in Apache Mod Fcgid with a CVSS 2.0 base score of 7.5. Its EPSS exploit-prediction score of 13% places it in the 96th percentile, indicating an elevated likelihood of exploitation. The underlying weakness is classified as CWE-787.
Key facts
- Severity: High (CVSS 2.0 base score 7.5)
- EPSS exploit prediction: 13% (96th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-787
- Affected product: Apache Mod Fcgid
- Published:
- Last modified:
Description
Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.
Frequently asked questions
- What is CVE-2013-4365?
- Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.
- How severe is CVE-2013-4365?
- CVE-2013-4365 has a CVSS 2.0 base score of 7.5, rated high severity.
- Is CVE-2013-4365 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 13% (96th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2013-4365?
- CVE-2013-4365 primarily affects Apache Mod Fcgid. In total, 10 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2013-4365?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2013-4365 published?
- CVE-2013-4365 was published on 2013-10-17 and last updated on 2026-06-16.
References
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00011.html
- http://lists.opensuse.org/opensuse-updates/2013-10/msg00055.html
- http://lists.opensuse.org/opensuse-updates/2013-10/msg00059.html
- http://lists.opensuse.org/opensuse-updates/2013-11/msg00024.html
- http://secunia.com/advisories/55197
- http://svn.apache.org/viewvc?view=revision&revision=1527362
- http://www.debian.org/security/2013/dsa-2778
- http://www.mail-archive.com/dev%40httpd.apache.org/msg58077.html
- http://www.securityfocus.com/bid/62939
Affected products (10)
- cpe:2.3:a:apache:mod_fcgid:*:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:suse:cloud:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:suse:cloud:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*
More vulnerabilities in Apache Mod Fcgid
- CVE-2016-1000104 — High (CVSS 8.8): A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.
- CVE-2010-3872 — High (CVSS 7.5): A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer…
- CVE-2012-1181 — Medium (CVSS 5.0): fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the…
All CVEs affecting Apache Mod Fcgid →
Other CWE-787 (Out-of-bounds Write) vulnerabilities
- CVE-2026-42369 — Critical (CVSS 10.0): GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surveillance cameras and manage other…
- CVE-2026-4746 — Critical (CVSS 10.0): Out-of-bounds Write vulnerability in timeplus-io proton (base/poco/Foundation/src modules). This vulnerability is…
- CVE-2025-43300 — Critical (CVSS 10.0): An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS…
- CVE-2025-24201 — Critical (CVSS 10.0): An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in…
- CVE-2024-42479 — Critical (CVSS 10.0): llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause…
- CVE-2024-39791 — Critical (CVSS 10.0): Stack-based buffer overflow vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge…
Browse all CWE-787 (Out-of-bounds Write) vulnerabilities →
Threat intelligence
Threat-intel indicators referencing this CVE:
- 37.120.213.13 (ipv4-addr)
- 50.255.62.89 (ipv4-addr)
- 147.15.15.226 (ipv4-addr)
- 218.4.91.163 (ipv4-addr)
- 45.84.120.3 (ipv4-addr)
- 79.137.34.248 (ipv4-addr)
- 77.90.185.88 (ipv4-addr)
- 77.90.185.87 (ipv4-addr)