Show plain JSON{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "89BF4CB5-5DBF-4D3F-BB71-EAA44A433D9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "AFB62852-2AB0-4DD8-8742-8852E35680BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "B1CD4DC0-12FC-49C5-B2A0-2934ADFEC45C", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "E4F8C757-DC7C-4611-BFB3-E2D909EBAFA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "B4268BBF-CEFE-4DC0-A540-20BDA4F61BD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "B2ADEB3C-EC09-404B-B301-CF67106EC98C", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "FE774463-3916-4BF5-A8C5-796CD1FD4AFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.15.1:beta:*:*:*:*:*:*", "matchCriteriaId": "ECAECD24-A1B6-4B51-93D4-64CCEEDEB5CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E9185C1-A2A4-490B-B054-DE337D4BBAF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.17.1:*:*:*:*:*:*:*", "matchCriteriaId": "0831F7D3-6E65-4D92-8295-64F0649EDA2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.17.4:beta:*:*:*:*:*:*", "matchCriteriaId": "D9EBE646-1515-4E30-8D6B-B5320A07F798", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.17.5:beta:*:*:*:*:*:*", "matchCriteriaId": "12E5FB1C-08E9-4597-B729-9E9D7C7BBC5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "CDA49F2C-F679-4CB6-912F-E1C8F23C3E9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "5EE3C64E-1596-4AF8-A335-0BDDC9A47C66", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "C016F6A1-83BF-4ED7-B811-44DB7B19B60F", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "2A3A2E1E-7492-486A-916F-B9DDD0E2810C", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.4:*:*:*:*:*:*:*", "matchCriteriaId": "FDE04C46-348E-4772-BDFC-7A43399741E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.5:*:*:*:*:*:*:*", "matchCriteriaId": "37C49996-20B7-4763-AA6A-92EFDA69CF6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.6:*:*:*:*:*:*:*", "matchCriteriaId": "947E1B5B-E1F7-4770-9163-E8583F631810", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.7:*:*:*:*:*:*:*", "matchCriteriaId": "89608E18-768A-4EA1-BEC2-05DEA93C85AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.8:*:*:*:*:*:*:*", "matchCriteriaId": "B64A837C-553D-433A-9904-FAE91B897DD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.9:*:*:*:*:*:*:*", "matchCriteriaId": "5907B692-CCD4-40E8-B5FC-E0606996F044", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.10:*:*:*:*:*:*:*", "matchCriteriaId": "90C6D691-8ACB-497C-B90B-CAEDE54965B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.11:*:*:*:*:*:*:*", "matchCriteriaId": "6C042D96-9BB4-40F5-B752-0F1DE06BA458", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.19.12:*:*:*:*:*:*:*", "matchCriteriaId": "EA326A8D-069A-4C60-B1E8-D83CD2E70DAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:3.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "47275436-0B5A-4BC6-A3F6-2232BF8D36D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "841185A1-0CD7-4965-A40A-45836037B910", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AB0A79C-E420-468E-9388-5E19EA54EA89", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages."}, {"lang": "es", "value": "El manejador ACL de rsyslog v3.12.1 hasta v3.20.0, v4.1.0 y v4.1.1, no sigue la directiva $AllowSender, lo que permite a atacantes remotos evitar las restricciones de acceso pretendidas y falsear los mensajes de registro (log) o crear un gran n\u00famero de mensajes falsos."}], "id": "CVE-2008-5617", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 7.8, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-12-17T02:30:00.203", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32857"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.rsyslog.com/Article322.phtml"}, {"source": "cve@mitre.org", "url": "http://www.rsyslog.com/Article327.phtml"}, {"source": "cve@mitre.org", "url": "http://www.rsyslog.com/Topic4.phtml"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/32630"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47080"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32857"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.rsyslog.com/Article322.phtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.rsyslog.com/Article327.phtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.rsyslog.com/Topic4.phtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/32630"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47080"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Not vulnerable. This issue did not affect the version of the rsyslog package, as shipped with Red Hat Enterprise Linux 5.", "lastModified": "2008-12-17T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}