CVE-2013-7176
fail2ban - security update
EPSS 0.84%
Description
config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression.
How to fix CVE-2013-7176
To remediate CVE-2013-7176, upgrade the affected package to one of the fixed versions listed below.
- Debian/fail2ban—upgrade to 0.8.11-1 or later
- Debian/fail2ban—upgrade to 0.8.4-3+squeeze3 or later
- Debian/fail2ban—upgrade to 0.8.6-3wheezy3 or later
Is CVE-2013-7176 being exploited?
Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 0.8.11-1
- from 0, < 0.8.4-3+squeeze3
- from 0, < 0.8.6-3wheezy3