Find a vulnerability
Search criteria
138 vulnerabilities by None
VAR-200607-0396
Vulnerability from variot - Updated: 2026-04-11 00:11Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) before 2.5.0, as used in products including (a) Sidewinder, (b) iPolicy Security Manager, (c) Astaro Report Manager, (d) Fortinet FortiReporter, (e) Top Layer Network Security Analyzer, and possibly other products, allow remote attackers to execute arbitrary code via long (1) DELTAINTERVAL, (2) LOGFOLDER, (3) DELETELOGS, (4) FWASERVER, (5) SYSLOGPUBLICIP, (6) GETFWAIMPORTLOG, (7) GETFWADELTA, (8) DELETERDEPDEVICE, (9) COMPRESSRAWLOGFILE, (10) GETSYSLOGFIREWALLS, (11) ADDPOLICY, and (12) EDITPOLICY commands to the Syslog daemon (syslogserver.exe); (13) GUIADDDEVICE, (14) ADDDEVICE, and (15) DELETEDEVICE commands to the Topology server (Topology.exe); the (15) LICMGR_ADDLICENSE command to the License Manager (EnterpriseSecurityAnalyzer.exe); the (16) TRACE and (17) QUERYMONITOR commands to the Monitoring agent (Monitoring.exe); and possibly other vectors related to the Syslog daemon (syslogserver.exe). Used in the following products eIQnetworks Enterprise Security Analyzer (ESA) Is Syslog daemon (syslogserver.exe) A stack-based buffer overflow vulnerability exists due to a flaw in handling. During the processing of long arguments to the LICMGR_ADDLICENSE command a classic stack based buffer overflow occurs. Authentication is not required to exploit this vulnerability.The specific flaw exists within the Syslog daemon, syslogserver.exe, during the processing of long strings transmitted to the listening TCP port. The vulnerability is not exposed over UDP. The default configuration does not expose the open TCP port. eIQnetworks Enterprise Security Analyzer (ESA) is an enterprise-level security management platform. The following commands are known to be affected by this vulnerability:
DELTAINTERVAL
LOGFOLDER
DELETELOGS
FWASERVER
SYSLOGPUBLICIP
GETFWAIMPORTLOG
GETFWADELTA
DELETERDEPDEVICE
COMPRESSRAWLOGFILE
GETSYSLOGFIREWALLS
ADDPOLICY
EDITPOLICY. OEM vendors' versions prior to 4.6 are also vulnerable.
-- About the TippingPoint Security Research Team (TSRT): The TippingPoint Security Research Team (TSRT) consists of industry recognized security researchers that apply their cutting-edge engineering, reverse engineering and analysis talents in our daily operations. More information about the team is available at:
http://www.tippingpoint.com/security
The by-product of these efforts fuels the creation of vulnerability filters that are automatically delivered to our customers' intrusion prevention systems through the Digital Vaccine(R) service. ZDI-06-023: eIQnetworks Enterprise Security Analyzer Syslog Server Buffer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-023.html July 25, 2006
-- CVE ID: CVE-2006-3838
-- Affected Vendor: eIQnetworks
-- Affected Products: eIQnetworks Enterprise Security Analyzer Astaro Report Manager (OEM) Fortinet FortiReporter (OEM) iPolicy Security Reporter (OEM) SanMina Viking Multi-Log Manager (OEM) Secure Computing G2 Security Reporter (OEM) Top Layer Network Security Analyzer (OEM)
-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability since by Digital Vaccine protection filter ID N/A. Authentication is not required to exploit this vulnerability.
-- Vendor Response: eIQnetworks has issued an update to correct this vulnerability. More details can be found at:
http://www.eiqnetworks.com/products/enterprisesecurity/EnterpriseSecurityAnalyzer/ESA_2.5.0_Release_Notes.pdf
-- Disclosure Timeline: 2006.05.10 - Vulnerability reported to vendor - Digital Vaccine released to TippingPoint customers 2006.07.25 - Coordinated public release of advisory
-- Credit: This vulnerability was discovered by Titon, JxT, KF and the rest of Bastard Labs.
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, a division of 3Com, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. 3Com does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, 3Com provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, 3Com provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "enterprise security analyzer",
"scope": null,
"trust": 1.4,
"vendor": "eiqnetworks",
"version": null
},
{
"_id": null,
"model": "enterprise security analyzer",
"scope": "lte",
"trust": 1.0,
"vendor": "eiqnetworks",
"version": "2.4.0"
},
{
"_id": null,
"model": "enterprise security analyzer",
"scope": "eq",
"trust": 0.9,
"vendor": "eiqnetworks",
"version": "2.1"
},
{
"_id": null,
"model": "enterprise security analyzer",
"scope": "eq",
"trust": 0.9,
"vendor": "eiqnetworks",
"version": "2.0"
},
{
"_id": null,
"model": "enterprise security analyzer",
"scope": "ne",
"trust": 0.9,
"vendor": "eiqnetworks",
"version": "2.5"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "astaro",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "secure computing network security division",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "top layer",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "viking interworks",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "eiqnetworks",
"version": null
},
{
"_id": null,
"model": "enterprise security analyzer",
"scope": "lt",
"trust": 0.8,
"vendor": "eiqnetworks",
"version": "2.5.0"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"_id": null,
"model": "layer network security analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "top",
"version": "0"
},
{
"_id": null,
"model": "g2 security reporter",
"scope": "eq",
"trust": 0.3,
"vendor": "securecomputing",
"version": "0"
},
{
"_id": null,
"model": "viking multi-log manager",
"scope": "eq",
"trust": 0.3,
"vendor": "sanmina",
"version": "0"
},
{
"_id": null,
"model": "fortireporter",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "0"
},
{
"_id": null,
"model": "report manager",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "0"
},
{
"_id": null,
"model": "security reporter",
"scope": "ne",
"trust": 0.3,
"vendor": "ipolicy",
"version": "0"
},
{
"_id": null,
"model": "enterprise security analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "eiqnetworks",
"version": "2.5"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#513068"
},
{
"db": "ZDI",
"id": "ZDI-06-024"
},
{
"db": "ZDI",
"id": "ZDI-06-023"
},
{
"db": "CNVD",
"id": "CNVD-2006-5703"
},
{
"db": "BID",
"id": "19164"
},
{
"db": "BID",
"id": "19165"
},
{
"db": "BID",
"id": "19163"
},
{
"db": "BID",
"id": "19424"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002905"
},
{
"db": "NVD",
"id": "CVE-2006-3838"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:eiqnetworks:enterprise_security_analyzer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002905"
}
]
},
"credits": {
"_id": null,
"data": "Titon, JxT, KF and the rest of Bastard Labs",
"sources": [
{
"db": "ZDI",
"id": "ZDI-06-024"
},
{
"db": "ZDI",
"id": "ZDI-06-023"
}
],
"trust": 1.4
},
"cve": "CVE-2006-3838",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2006-3838",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-3838",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#513068",
"trust": 0.8,
"value": "34.79"
},
{
"author": "NVD",
"id": "CVE-2006-3838",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#513068"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002905"
},
{
"db": "NVD",
"id": "CVE-2006-3838"
}
]
},
"description": {
"_id": null,
"data": "Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) before 2.5.0, as used in products including (a) Sidewinder, (b) iPolicy Security Manager, (c) Astaro Report Manager, (d) Fortinet FortiReporter, (e) Top Layer Network Security Analyzer, and possibly other products, allow remote attackers to execute arbitrary code via long (1) DELTAINTERVAL, (2) LOGFOLDER, (3) DELETELOGS, (4) FWASERVER, (5) SYSLOGPUBLICIP, (6) GETFWAIMPORTLOG, (7) GETFWADELTA, (8) DELETERDEPDEVICE, (9) COMPRESSRAWLOGFILE, (10) GETSYSLOGFIREWALLS, (11) ADDPOLICY, and (12) EDITPOLICY commands to the Syslog daemon (syslogserver.exe); (13) GUIADDDEVICE, (14) ADDDEVICE, and (15) DELETEDEVICE commands to the Topology server (Topology.exe); the (15) LICMGR_ADDLICENSE command to the License Manager (EnterpriseSecurityAnalyzer.exe); the (16) TRACE and (17) QUERYMONITOR commands to the Monitoring agent (Monitoring.exe); and possibly other vectors related to the Syslog daemon (syslogserver.exe). Used in the following products eIQnetworks Enterprise Security Analyzer (ESA) Is Syslog daemon (syslogserver.exe) A stack-based buffer overflow vulnerability exists due to a flaw in handling. During the processing of long arguments to the LICMGR_ADDLICENSE command a classic stack based buffer overflow occurs. Authentication is not required to exploit this vulnerability.The specific flaw exists within the Syslog daemon, syslogserver.exe, during the processing of long strings transmitted to the listening TCP port. The vulnerability is not exposed over UDP. The default configuration does not expose the open TCP port. eIQnetworks Enterprise Security Analyzer (ESA) is an enterprise-level security management platform. The following commands are known to be affected by this vulnerability:\n\n\u00a0DELTAINTERVAL\n\n\u00a0LOGFOLDER\n\n\u00a0DELETELOGS\n\n\u00a0FWASERVER\n\n\u00a0SYSLOGPUBLICIP\n\n\u00a0GETFWAIMPORTLOG\n\n\u00a0GETFWADELTA\n\n\u00a0DELETERDEPDEVICE\n\n\u00a0COMPRESSRAWLOGFILE\n\n\u00a0GETSYSLOGFIREWALLS\n\n\u00a0ADDPOLICY\n\n\u00a0EDITPOLICY. OEM vendors\u0027 versions prior to 4.6 are also vulnerable. \n\n-- About the TippingPoint Security Research Team (TSRT):\nThe TippingPoint Security Research Team (TSRT) consists of industry\nrecognized security researchers that apply their cutting-edge\nengineering, reverse engineering and analysis talents in our daily\noperations. More information about the team is available at:\n\n http://www.tippingpoint.com/security\n \nThe by-product of these efforts fuels the creation of vulnerability\nfilters that are automatically delivered to our customers\u0027 intrusion\nprevention systems through the Digital Vaccine(R) service. ZDI-06-023: eIQnetworks Enterprise Security Analyzer Syslog Server Buffer \nOverflow Vulnerability\nhttp://www.zerodayinitiative.com/advisories/ZDI-06-023.html\nJuly 25, 2006\n\n-- CVE ID:\nCVE-2006-3838\n\n-- Affected Vendor:\neIQnetworks\n\n-- Affected Products:\neIQnetworks Enterprise Security Analyzer\nAstaro Report Manager (OEM)\nFortinet FortiReporter (OEM)\niPolicy Security Reporter (OEM)\nSanMina Viking Multi-Log Manager (OEM)\nSecure Computing G2 Security Reporter (OEM)\nTop Layer Network Security Analyzer (OEM)\n\n-- TippingPoint(TM) IPS Customer Protection:\nTippingPoint IPS customers have been protected against this\nvulnerability since by Digital Vaccine protection\nfilter ID N/A. \nAuthentication is not required to exploit this vulnerability. \n\n-- Vendor Response:\neIQnetworks has issued an update to correct this vulnerability. More\ndetails can be found at:\n\n \nhttp://www.eiqnetworks.com/products/enterprisesecurity/EnterpriseSecurityAnalyzer/ESA_2.5.0_Release_Notes.pdf\n\n-- Disclosure Timeline:\n2006.05.10 - Vulnerability reported to vendor\n - Digital Vaccine released to TippingPoint customers\n2006.07.25 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by Titon, JxT, KF and the rest of \nBastard Labs. \n\n-- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, a division of 3Com, The Zero Day Initiative\n(ZDI) represents a best-of-breed model for rewarding security\nresearchers for responsibly disclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is used. \n3Com does not re-sell the vulnerability details or any exploit code. \nInstead, upon notifying the affected product vendor, 3Com provides its\ncustomers with zero day protection through its intrusion prevention\ntechnology. Explicit details regarding the specifics of the\nvulnerability are not exposed to any parties until an official vendor\npatch is publicly available. Furthermore, with the altruistic aim of\nhelping to secure a broader user base, 3Com provides this vulnerability\ninformation confidentially to security vendors (including competitors)\nwho have a vulnerability protection or mitigation product. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-3838"
},
{
"db": "CERT/CC",
"id": "VU#513068"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002905"
},
{
"db": "ZDI",
"id": "ZDI-06-024"
},
{
"db": "ZDI",
"id": "ZDI-06-023"
},
{
"db": "CNVD",
"id": "CNVD-2006-5703"
},
{
"db": "BID",
"id": "19164"
},
{
"db": "BID",
"id": "19165"
},
{
"db": "BID",
"id": "19163"
},
{
"db": "BID",
"id": "19424"
},
{
"db": "PACKETSTORM",
"id": "48591"
},
{
"db": "PACKETSTORM",
"id": "48586"
},
{
"db": "PACKETSTORM",
"id": "48585"
}
],
"trust": 5.49
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2006-3838",
"trust": 5.3
},
{
"db": "ZDI",
"id": "ZDI-06-023",
"trust": 2.6
},
{
"db": "CERT/CC",
"id": "VU#513068",
"trust": 2.6
},
{
"db": "SECUNIA",
"id": "21215",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "21214",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "21213",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "21211",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "21217",
"trust": 1.8
},
{
"db": "ZDI",
"id": "ZDI-06-024",
"trust": 1.8
},
{
"db": "BID",
"id": "19164",
"trust": 1.3
},
{
"db": "BID",
"id": "19165",
"trust": 1.3
},
{
"db": "BID",
"id": "19163",
"trust": 1.3
},
{
"db": "SECTRACK",
"id": "1016580",
"trust": 1.0
},
{
"db": "VUPEN",
"id": "ADV-2006-3007",
"trust": 1.0
},
{
"db": "VUPEN",
"id": "ADV-2006-2985",
"trust": 1.0
},
{
"db": "VUPEN",
"id": "ADV-2006-3009",
"trust": 1.0
},
{
"db": "VUPEN",
"id": "ADV-2006-3010",
"trust": 1.0
},
{
"db": "VUPEN",
"id": "ADV-2006-3006",
"trust": 1.0
},
{
"db": "VUPEN",
"id": "ADV-2006-3008",
"trust": 1.0
},
{
"db": "BID",
"id": "19167",
"trust": 1.0
},
{
"db": "SECUNIA",
"id": "21218",
"trust": 1.0
},
{
"db": "OSVDB",
"id": "27526",
"trust": 1.0
},
{
"db": "OSVDB",
"id": "27527",
"trust": 1.0
},
{
"db": "OSVDB",
"id": "27528",
"trust": 1.0
},
{
"db": "OSVDB",
"id": "27525",
"trust": 1.0
},
{
"db": "AUSCERT",
"id": "ESB-2006.0517",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002905",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-052",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-053",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2006-5703",
"trust": 0.6
},
{
"db": "BID",
"id": "19424",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "48591",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "48586",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "48585",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#513068"
},
{
"db": "ZDI",
"id": "ZDI-06-024"
},
{
"db": "ZDI",
"id": "ZDI-06-023"
},
{
"db": "CNVD",
"id": "CNVD-2006-5703"
},
{
"db": "BID",
"id": "19164"
},
{
"db": "BID",
"id": "19165"
},
{
"db": "BID",
"id": "19163"
},
{
"db": "BID",
"id": "19424"
},
{
"db": "PACKETSTORM",
"id": "48591"
},
{
"db": "PACKETSTORM",
"id": "48586"
},
{
"db": "PACKETSTORM",
"id": "48585"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002905"
},
{
"db": "NVD",
"id": "CVE-2006-3838"
}
]
},
"id": "VAR-200607-0396",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-5703"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-5703"
}
]
},
"last_update_date": "2026-04-11T00:11:09.115000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.eiqnetworks.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002905"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002905"
},
{
"db": "NVD",
"id": "CVE-2006-3838"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.2,
"url": "http://www.eiqnetworks.com/products/enterprisesecurity/enterprisesecurityanalyzer/esa_2.5.0_release_notes.pdf"
},
{
"trust": 1.9,
"url": "http://www.zerodayinitiative.com/advisories/zdi-06-023.html"
},
{
"trust": 1.8,
"url": "http://www.kb.cert.org/vuls/id/513068"
},
{
"trust": 1.6,
"url": "http://www.tippingpoint.com/security/advisories/tsrt-06-07.html"
},
{
"trust": 1.2,
"url": "http://www.eiqnetworks.com/products/enterprisesecurityanalyzer.shtml"
},
{
"trust": 1.1,
"url": "http://www.zerodayinitiative.com/advisories/zdi-06-024.html"
},
{
"trust": 1.0,
"url": "http://www.osvdb.org/27528"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2006/2985"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27951"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/21217"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2006/3006"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2006/3009"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27954"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/441198/100/0/threaded"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27950"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27953"
},
{
"trust": 1.0,
"url": "http://archive.cert.uni-stuttgart.de/bugtraq/2006/08/msg00152.html"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/21215"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/21211"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/441197/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://securitytracker.com/id?1016580"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/21213"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/19164"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/19167"
},
{
"trust": 1.0,
"url": "http://www.osvdb.org/27525"
},
{
"trust": 1.0,
"url": "http://www.osvdb.org/27526"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27952"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2006/3007"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/441195/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/19165"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/21218"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2006/3010"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/21214"
},
{
"trust": 1.0,
"url": "http://www.tippingpoint.com/security/advisories/tsrt-06-04.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/441200/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/19163"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2006/3008"
},
{
"trust": 1.0,
"url": "http://www.osvdb.org/27527"
},
{
"trust": 1.0,
"url": "http://www.tippingpoint.com/security/advisories/tsrt-06-03.html"
},
{
"trust": 0.9,
"url": "http://www.zerodayinitiative.com/advisories/tsrt-06-03.html"
},
{
"trust": 0.8,
"url": "http://www.eiqnetworks.com/support/security_advisory.pdf"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/21211/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/21213/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/21214/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/21215/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/21217/"
},
{
"trust": 0.8,
"url": "http://www.auscert.org.au/6544"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3838"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3838"
},
{
"trust": 0.3,
"url": "/archive/1/441528"
},
{
"trust": 0.3,
"url": "/archive/1/441198"
},
{
"trust": 0.3,
"url": "/archive/1/441195"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3838"
},
{
"trust": 0.3,
"url": "http://secunia.com/"
},
{
"trust": 0.3,
"url": "http://www.tippingpoint.com"
},
{
"trust": 0.3,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.2,
"url": "http://www.zerodayinitiative.com"
},
{
"trust": 0.1,
"url": "http://www.tippingpoint.com/security"
},
{
"trust": 0.1,
"url": "http://www.eiqnetworks.com/products/enterprisesecurity/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#513068"
},
{
"db": "BID",
"id": "19164"
},
{
"db": "BID",
"id": "19165"
},
{
"db": "BID",
"id": "19163"
},
{
"db": "BID",
"id": "19424"
},
{
"db": "PACKETSTORM",
"id": "48591"
},
{
"db": "PACKETSTORM",
"id": "48586"
},
{
"db": "PACKETSTORM",
"id": "48585"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002905"
},
{
"db": "NVD",
"id": "CVE-2006-3838"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#513068",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-06-024",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-06-023",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2006-5703",
"ident": null
},
{
"db": "BID",
"id": "19164",
"ident": null
},
{
"db": "BID",
"id": "19165",
"ident": null
},
{
"db": "BID",
"id": "19163",
"ident": null
},
{
"db": "BID",
"id": "19424",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "48591",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "48586",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "48585",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002905",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2006-3838",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2006-08-01T00:00:00",
"db": "CERT/CC",
"id": "VU#513068",
"ident": null
},
{
"date": "2006-07-25T00:00:00",
"db": "ZDI",
"id": "ZDI-06-024",
"ident": null
},
{
"date": "2006-07-25T00:00:00",
"db": "ZDI",
"id": "ZDI-06-023",
"ident": null
},
{
"date": "2006-07-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-5703",
"ident": null
},
{
"date": "2006-07-26T00:00:00",
"db": "BID",
"id": "19164",
"ident": null
},
{
"date": "2006-07-26T00:00:00",
"db": "BID",
"id": "19165",
"ident": null
},
{
"date": "2006-07-26T00:00:00",
"db": "BID",
"id": "19163",
"ident": null
},
{
"date": "2006-08-08T00:00:00",
"db": "BID",
"id": "19424",
"ident": null
},
{
"date": "2006-07-26T09:15:27",
"db": "PACKETSTORM",
"id": "48591",
"ident": null
},
{
"date": "2006-07-26T09:11:59",
"db": "PACKETSTORM",
"id": "48586",
"ident": null
},
{
"date": "2006-07-26T09:11:05",
"db": "PACKETSTORM",
"id": "48585",
"ident": null
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002905",
"ident": null
},
{
"date": "2006-07-27T01:04:00",
"db": "NVD",
"id": "CVE-2006-3838",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2007-01-18T00:00:00",
"db": "CERT/CC",
"id": "VU#513068",
"ident": null
},
{
"date": "2006-07-25T00:00:00",
"db": "ZDI",
"id": "ZDI-06-024",
"ident": null
},
{
"date": "2006-07-25T00:00:00",
"db": "ZDI",
"id": "ZDI-06-023",
"ident": null
},
{
"date": "2006-07-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-5703",
"ident": null
},
{
"date": "2008-02-01T20:17:00",
"db": "BID",
"id": "19164",
"ident": null
},
{
"date": "2006-09-05T22:28:00",
"db": "BID",
"id": "19165",
"ident": null
},
{
"date": "2006-09-05T22:28:00",
"db": "BID",
"id": "19163",
"ident": null
},
{
"date": "2006-09-05T22:43:00",
"db": "BID",
"id": "19424",
"ident": null
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002905",
"ident": null
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2006-3838",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "network",
"sources": [
{
"db": "BID",
"id": "19164"
},
{
"db": "BID",
"id": "19165"
},
{
"db": "BID",
"id": "19163"
},
{
"db": "BID",
"id": "19424"
}
],
"trust": 1.2
},
"title": {
"_id": null,
"data": "eIQnetworks Enterprise Security Analyzer Syslog server buffer overflow",
"sources": [
{
"db": "CERT/CC",
"id": "VU#513068"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "19164"
},
{
"db": "BID",
"id": "19165"
},
{
"db": "BID",
"id": "19163"
},
{
"db": "BID",
"id": "19424"
}
],
"trust": 1.2
}
}
VAR-200411-0172
Vulnerability from variot - Updated: 2026-03-09 20:53The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. OpenSSL Is SSL/TLS Due to incomplete implementation of do_change_cipher_spec() In the function NULL A vulnerability exists where pointers are not handled properly.OpenSSL An application that uses the service disrupts service operation (DoS) It may be in a state. OpenSSL is an open source SSL implementation used to implement high-strength encryption of network communications. It is now widely used in various network applications.
Using the Codenomicon TLS test tool, OpenSSL found a NULL pointer allocation in the do_change_cipher_spec () function. Applications that rely on this library will generate a denial of service. For the first issue, a NULL-pointer assignment can be triggered by attackers during SSL/TLS handshake exchanges. The CVE candidate name for this vulnerability is CAN-2004-0079. Versions 0.9.6c to 0.9.6k (inclusive) and from 0.9.7a to 0.9.7c (inclusive) are vulnerable. The second issue is also exploited during the SSL/TLS handshake, but only when Kerberos ciphersuites are in use. The vendor has reported that this vulnerability may not be a threat to many, because it occurs only when Kerberos ciphersuites are in use, an uncommon configuration. The CVE candidate name for this vulnerability is CAN-2004-0112. Versions 0.9.7a, 0.9.7b, and 0.9.7c are affected. This entry will be retired when individual BID records are created for each issue. *Note: A third denial-of-service vulnerability included in the announcement was discovered affecting 0.9.6 and fixed in 0.9.6d. The CVE candidate name for this vulnerability is CAN-2004-0081. Multiple security vulnerabilities are reported to affect Apple Mac OS X; updates are available. Apache is prone to five vulnerabilities ranging from buffer overflows to access validation vulnerabilities. The CVE Mitre candidate IDs CAN-2005-1344, CAN-2004-0942, CAN-2004-0885, CAN-2004-1083, and CAN-2004-1084 are assigned to these issues. Appkit is prone to three vulnerabilities. Two of these could result in arbitrary code execution, the third could permit the creation of local accounts. The CVE Mitre candidate IDs CAN-2005-2501, CAN-2005-2502, and CAN-2005-2503 are assigned to these issues. Bluetooth is prone to a vulnerability regarding authentication bypass. The CVE Mitre candidate ID CAN-2005-2504 is assigned to this issue. CoreFoundation is prone to two vulnerabilities, one resulting in a buffer overflow, the other a denial-of-service vulnerability. The CVE Mitre candidate IDs CAN-2005-2505 and CAN-2005-2506 are assigned to these issues. CUPS is prone to two vulnerabilities resulting in a denial of service until the service can be restarted. The CVE Mitre candidate IDs CAN-2005-2525 and CAN-2005-2526 are assigned to these issues. Directory Services is prone to three vulnerabilities. These issues vary from buffer overflow, unauthorized account creation and deletion, and privilege escalation. The CVE Mitre candidate IDs CAN-2005-2507, CAN-2005-2508 and CAN-2005-2519 are assigned to these issues. HItoolbox is prone to a vulnerability that could result in information disclosure. The CVE Mitre candidate ID CAN-2005-2513 is assigned to this issue. Kerberos is prone to five vulnerabilities that may result in a buffer overflow, execution of arbitrary code, and root compromise. The CVE Mitre candidate IDs CAN-2004-1189, CAN-2005-1174, CAN-2005-1175, CAN-2005-1689, and CAN-2005-2511 are assigned to these issues. loginwindow is prone to a vulnerability that could permit a user to gain access to other logged-in accounts. The CVE Mitre candidate ID CAN-2005-2509 is assigned to this issue. Mail is prone to a vulnerability regarding the loss of privacy when remote images are loaded into HTML email. The CVE Mitre candidate ID CAN-2005-2512 is assigned to this issue. MySQL is prone to three vulnerabilities that include arbitrary code execution by remote authenticated users. The CVE Mitre candidate IDs CAN-2005-0709, CAN-2005-0710, and CAN-2005-0711 are assigned to these issues. The CVE Mitre candidate IDs CAN-2004-0079 and CAN-2004-0112 are assigned to these issues. ping is prone to a vulnerability that could allow local privilege escalation and arbitrary code execution. The CVE Mitre candidate ID CAN-2005-2514 is assigned to this issue. QuartzComposerScreenSaver is prone to a vulnerability that could allow users to open pages while the RSS Visualizer screen is locked. The CVE Mitre candidate ID CAN-2005-2515 is assigned to this issue. Safari is prone to two vulnerabilities that could result in arbitrary command execution or have information submitted to an incorrect site. The CVE Mitre candidate IDs CAN-2005-2516 and CAN-2005-2517 are assigned to these issues. SecurityInterface is prone to a vulnerability that could expose recently used passwords. The CVE Mitre candidate ID CAN-2005-2520 is assigned to this issue. servermgrd is prone to a buffer-overflow vulnerability that could ultimately lead to the execution of arbitrary code. The CVE Mitre candidate ID CAN-2005-2518 is assigned to this issue. servermgr_ipfilter is prone to a vulnerability regarding firewall settings not always being written to the Active Rules. The CVE Mitre candidate ID CAN-2005-2510 is assigned to this issue. SquirrelMail is prone to two vulnerabilities including a cross-site scripting issue. The CVE Mitre candidate IDs CAN-2005-1769 and CAN-2005-2095 are assigned to these issues. traceroute is prone to a vulnerability that could result in arbitrary code execution and privilege escalation. The CVE Mitre candidate ID CAN-2005-2521 is assigned to this issue. WebKit is affected by a vulnerability that could result in code execution regarding a malformed PDF file. The CVE Mitre candidate ID CAN-2005-2522 is assigned to this issue. Weblog Server is prone to multiple cross-site scripting vulnerabilities. The CVE Mitre candidate ID CAN-2005-2523 is assigned to this issue. X11 is prone to a vulnerability that could result in arbitrary code execution. The CVE Mitre candidate ID CAN-2005-0605 is assigned to this issue. zlib is prone to two denial-of-service vulnerabilities that may ultimately lead to arbitrary code execution. The CVE Mitre candidate IDs CAN-2005-2096 and CAN-2005-1849 are assigned to these issues. These vulnerabilities will be separated into individual BIDs upon further analysis of the issues. Oracle Database Server, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business and Applications, Oracle Enterprise Manager Grid Control, and Oracle PeopleSoft Applications are reported prone to multiple vulnerabilities. Oracle has released a Critical Patch Update to address these issues in various supported applications and platforms. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. While various levels of authorization are required to leverage some issues, others do not require any authorization. This BID will be divided and updated into separate BIDs when more information is available. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Cisco Security Advisory: Cisco OpenSSL Implementation Vulnerability
Revision 1.0
For Public Release 2004 March 17 at 1300 UTC (GMT)
----------------------------------------------------------------------
Contents
Summary
Affected Products
Details
Impact
Software Versions and Fixes
Obtaining Fixed Software
Workarounds
Exploitation and Public Announcements
Status of This Notice: INTERIM
Distribution
Revision History
Cisco Security Procedures
----------------------------------------------------------------------
Summary
A new vulnerability in the OpenSSL implementation for SSL has been announced on March 17, 2004.
An affected network device running an SSL server based on an affected OpenSSL implementation may be vulnerable to a Denial of Service (DoS) attack. There are workarounds available to mitigate the effects of this vulnerability on Cisco products in the workaround section of this advisory. Cisco is providing fixed software, and recommends that customers upgrade to it when it is available.
This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml.
* Cisco IOS 12.1(11)E and later in the 12.1E release train. Only crypto
images (56i and k2) are vulnerable for the Cisco 7100 and 7200 Series
Routers.
* Cisco IOS 12.2SY release train. Only crypto images (k8, k9 and k91)
are vulnerable for the Cisco Catalyst 6500 Series and Cisco 7600
Series Routers.
* Cisco PIX Firewall
* Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500
Series and Cisco 7600 Series routers
* Cisco MDS 9000 Series Multilayer Switch
* Cisco Content Service Switch (CSS) 11000 series
* Cisco Global Site Selector (GSS) 4480
* CiscoWorks Common Services (CWCS) version 2.2 and CiscoWorks Common
Management Foundation (CMF) version 2.1
* Cisco Access Registrar (CAR)
The following products have their SSL implementation based on the OpenSSL code and are not affected by this vulnerability.
* Cisco Secure Intrusion Detection System (NetRanger) appliance. This
includes the IDS-42xx appliances, NM-CIDS and WS-SVS-IDSM2.
* Cisco SN 5428 and SN 5428-2 Storage Router
* Cisco CNS Configuration Engine
* Cisco Network Analysis Modules (NAM) for the Cisco Catalyst 6000 and
6500 Series switches and Cisco 7600 Series routers
* Cisco SIP Proxy Server (SPS)
* CiscoWorks 1105 Hosting Solution Engine (HSE)
* CiscoWorks 1105 Wireless LAN Solution Engine (WLSE)
* Cisco Ethernet Subscriber Solution Engine (ESSE)
The following products, which implement SSL, are not affected by this vulnerability.
* Cisco VPN 3000 Series Concentrators
CatOS does not implement SSL and is not vulnerable.
No other Cisco products are currently known to be affected by this vulnerability. This vulnerability is still being actively investigated across Cisco products and status of some products has still not been determined.
Details
Secure Sockets Layer (SSL), is a protocol used to encrypt the data transferred over an TCP session. SSL in Cisco products is mainly used by the HyperText Transfer Protocol Secure (HTTPS) web service for which the default TCP port is 443. The affected products, listed above, are only vulnerable if they have the HTTPS service enabled and the access to the service is not limited to trusted hosts or network management workstations.
To check if the HTTPS service is enabled one can do the following:
1. Check the configuration on the device to verify the status of the
HTTPS service.
2. Try to connect to the device using a standard web browser that
supports SSL using a URL similar to https://ip_address_of_device/.
3. Try and connect to the default HTTPS port, TCP 443, using Telnet.
telnet ip_address_of_device 443. If the session connects the service
is enabled and accessible. This
crash on many Cisco products would cause the device to reload.
A third vulnerability described in the NISCC advisory is a bug in older versions of OpenSSL, versions before 0.9.6d, that can also lead to a Denial of Service attack. None of the Cisco OpenSSL implementations are known to be affected by this older OpenSSL issue.
* Cisco IOS - All 12.1(11)E and later IOS software crypto (56i and k2)
image releases in the 12.1E release train for the Cisco 7100 and 7200
Series Routers are affected by this vulnerability. All IOS software
crypto (k8, k9, and k91) image releases in the 12.2SY release train
for the Cisco Catalyst 6500 Series and Cisco 7600 Series Routers are
affected by this vulnerability. The SSH implementation in IOS is not
dependent on any OpenSSL code. SSH implementations in IOS do not
handle certificates, yet, and therefore do not use any SSL code for
SSH. OpenSSL in 12.1E and 12.2SY release trains is only used for
providing the HTTPS and VPN Device Manager (VDM) services. This
vulnerability is documented in the Cisco Bug Toolkit (registered
customers only) as Bug ID CSCee00041. The HTTPS web service, that uses
the OpenSSL code, on the device is disabled by default. The no ip http
secure-server command may be used to disable the HTTPS web service on
the device, if required. The SSH and IPSec services in IOS are not
vulnerable to this vulnerability.
* Cisco PIX Firewall - PIX 6.x releases are affected by this
vulnerability. PIX 5.x releases do not contain any SSL code and are
not vulnerable. This vulnerability is documented in the Cisco Bug
Toolkit (registered customers only) as Bug ID CSCed90672.
* Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500
Series and Cisco 7600 Series routers - This vulnerability is
documented in the Cisco Bug Toolkit (registered customers only) as Bug
ID CSCee02055.
* Cisco MDS 9000 Series Multilayer Switches - This vulnerability is
documented in the Cisco Bug Toolkit (registered customers only) as Bug
ID CSCed96246.
* Cisco Content Service Switch (CSS) 11000 series - WebNS version 6.x
and 7.x are affected by this vulnerability. This vulnerability is
documented in the Cisco Bug Toolkit (registered customers only) as Bug
ID CSCee01234 for SCM and is documented in the Cisco Bug Toolkit
(registered customers only) as Bug ID CSCee01240 for the SSL module.
* Cisco Global Site Selector (GSS) 4480 - This vulnerability is
documented in the Cisco Bug Toolkit (registered customers only) as Bug
ID CSCee01057.
* CiscoWorks Common Services (CWCS) version 2.2 and CiscoWorks Common
Management Foundation (CMF) version 2.1 - This vulnerability is
documented in the Cisco Bug Toolkit (registered customers only) as Bug
ID CSCsa13748.
* Cisco Access Registrar (CAR) - This vulnerability is documented in the
Cisco Bug Toolkit (registered customers only) as Bug ID CSCee01956.
The Internetworking Terms and Cisco Systems Acronyms online guides can be found at http://www.cisco.com/univercd/cc/td/doc/cisintwk/.
Impact
An affected network device running an SSL server based on the OpenSSL implementation may be vulnerable to a Denial of Service (DoS) attack.
Software Versions and Fixes
* Cisco IOS -
+----------------------------------------+
|Release| Fixed Releases |Availability |
| Train | | |
|-------+------------------+-------------|
|12.2SY |12.2(14)SY4 |March 25 |
|-------+------------------+-------------|
| |12.1(13)E14 |April 8 |
|12.1E |12.1.(19)E7 |April 8 |
| |12.1(20)E3 |April 26 |
+----------------------------------------+
* Cisco PIX Firewall - The vulnerability is fixed in software releases
6.0(4)102, 6.1(5)102, 6.2(3)107, and 6.3(3)124. These engineering
builds may be obtained by contacting the Cisco Technical Assistance
Center (TAC). TAC Contact information is given in the Obtaining Fixed
Software section below.
* Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500
Series and Cisco 7600 Series routers - The vulnerability is fixed in
software release 1.1.3(14) which will be available by Monday, 22 of
March, 2004. This engineering builds may be obtained by contacting the
Cisco Technical Assistance Center (TAC). TAC Contact information is
given in the Obtaining Fixed Software section below.
* Cisco MDS 9000 Series Multilayer Switches - No fixed software release
or software availability date has been determined yet.
* Cisco Content Service Switch (CSS) 11000 series -No fixed software
release or software availability date has been determined yet.
* Cisco Global Site Selector (GSS) 4480 - No fixed software release or
software availability date has been determined yet.
* CiscoWorks Common Services (CWCS) version 2.2 and CiscoWorks Common
Management Foundation (CMF) version 2.1 - No fixed software release or
software availability date has been determined yet.
* Cisco Access Registrar (CAR) - The vulnerability is fixed in software
release 3.5.0.12 which will be available by Friday, 26 of March, 2004.
Obtaining Fixed Software
Cisco is offering free software upgrades to address this vulnerability for all affected customers.
Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, Customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/public/sw-license-agreement.html, or as otherwise set forth at the Cisco Connection Online Software Center at http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com/tacpage/sw-center. To access the software download URL, you must be a registered user and you must be logged in.
Customers whose Cisco products are provided or maintained through a prior or existing agreement with third-party support organizations such as Cisco Partners, authorized resellers, or service providers, should contact that support organization for assistance with obtaining the software upgrade(s).
Customers who purchase direct from Cisco but who do not hold a Cisco service contract and customers who purchase through third-party vendors but are unsuccessful at obtaining fixed software through their point of sale should get their upgrades by contacting the Cisco Technical Assistance Center (TAC) using the contact information listed below. In these cases, customers are entitled to obtain a free upgrade to a later version of the same release or as indicated by the applicable corrected software version in the Software Versions and Fixes section (noted above).
Cisco TAC contacts are as follows:
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
See http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for additional TAC contact information, including special localized telephone numbers and instructions and e-mail addresses for use in various languages.
Please have your product serial number available and give the URL of this notice as evidence of your entitlement to a upgrade. Upgrades for non-contract customers must be requested through the TAC.
Please do not contact either "psirt@cisco.com" or "security-alert@cisco.com" for software upgrades.
Workarounds
The Cisco PSIRT recommends that affected users upgrade to a fixed software version of code as soon as it is available.
* Restrict access to the HTTPS server on the network device. Allow
access to the network device only from trusted workstations by using
access lists / MAC filters that are available on the affected
platforms.
* Disable the SSL server / service on the network device. This
workaround must be weighed against the need for secure communications
with the vulnerable device.
Exploitation and Public Announcements
The Cisco PSIRT is not aware of any malicious use of the vulnerability described in this advisory.
This vulnerability was reported to Cisco PSIRT by NISCC.
Status of This Notice: INTERIM
This is an interim advisory. Although Cisco cannot guarantee the accuracy of all statements in this advisory, all of the facts have been checked to the best of our ability. Cisco does not anticipate issuing updated versions of this advisory unless there is some material change in the facts. Should there be a significant change in the facts, Cisco may update this advisory.
A stand-alone copy or paraphrase of the text of this security advisory that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.
Distribution
This advisory will be posted on Cisco's worldwide website at http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml .
In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key having the fingerprint 8C82 5207 0CA9 ED40 1DD2 EE2A 7B31 A8CF 32B6 B590 and is posted to the following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-teams@first.org (includes CERT/CC)
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.netsys.com
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates.
Revision History
+------------------------------------------+ |Revision 1.0|2004-March-17|Initial | | | |release. | +------------------------------------------+
Cisco Security Procedures
Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/warp/public/707/sec_incident_response.shtml. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt.
This advisory is copyright 2004 by Cisco Systems, Inc. This advisory may be redistributed freely after the release date given at the top of the text, provided that redistributed copies are complete and unmodified, including all date and version information.
----------------------------------------------------------------------
-----BEGIN PGP SIGNATURE----- Comment: PGP Signed by Sharad Ahlawat, Cisco Systems PSIRT
iD8DBQFAWFvZezGozzK2tZARAqIwAKDXDMLAY6eDYyU8y1MhKZUto2SRxwCg+oid 7AhsNlLsNVSLwTRKTHSigu0= =gtba -----END PGP SIGNATURE----- . Any application that makes use of OpenSSL's SSL/TLS library may be affected. Any application that makes use of OpenSSL's SSL/TLS library may be affected.
Recommendations
Upgrade to OpenSSL 0.9.7d or 0.9.6m. Recompile any OpenSSL applications statically linked to OpenSSL libraries.
OpenSSL 0.9.7d and OpenSSL 0.9.6m are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html):
ftp://ftp.openssl.org/source/
The distribution file names are:
o openssl-0.9.7d.tar.gz
MD5 checksum: 1b49e90fc8a75c3a507c0a624529aca5
o openssl-0.9.6m.tar.gz [normal]
MD5 checksum: 1b63bfdca1c37837dddde9f1623498f9
o openssl-engine-0.9.6m.tar.gz [engine]
MD5 checksum: 4c39d2524bd466180f9077f8efddac8c
The checksums were calculated using the following command:
openssl md5 openssl-0.9*.tar.gz
Credits
Patches for these issues were created by Dr Stephen Henson (steve@openssl.org) of the OpenSSL core team. The OpenSSL team would like to thank Codenomicon for supplying the TLS Test Tool which was used to discover these vulnerabilities, and Joe Orton of Red Hat for performing the majority of the testing.
References
http://www.codenomicon.com/testtools/tls/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112
URL for this Security Advisory: http://www.openssl.org/news/secadv_20040317.txt
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "openbsd",
"scope": "eq",
"trust": 2.1,
"vendor": "openbsd",
"version": "3.4"
},
{
"_id": null,
"model": "okena stormwatch",
"scope": "eq",
"trust": 2.1,
"vendor": "cisco",
"version": "3.2"
},
{
"_id": null,
"model": "ciscoworks common services",
"scope": "eq",
"trust": 2.1,
"vendor": "cisco",
"version": "2.2"
},
{
"_id": null,
"model": "ciscoworks common management foundation",
"scope": "eq",
"trust": 2.1,
"vendor": "cisco",
"version": "2.1"
},
{
"_id": null,
"model": "firewall services module",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "1.1.3"
},
{
"_id": null,
"model": "firewall services module",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "1.1.2"
},
{
"_id": null,
"model": "firewall services module",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.1_\\(3.005\\)"
},
{
"_id": null,
"model": "firewall services module",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.1_\\(0.208\\)"
},
{
"_id": null,
"model": "gsx server",
"scope": "eq",
"trust": 1.3,
"vendor": "vmware",
"version": "2.5.1"
},
{
"_id": null,
"model": "gsx server",
"scope": "eq",
"trust": 1.3,
"vendor": "vmware",
"version": "2.0"
},
{
"_id": null,
"model": "stonegate vpn client",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0.9"
},
{
"_id": null,
"model": "stonegate vpn client",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0.8"
},
{
"_id": null,
"model": "stonegate vpn client",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0.7"
},
{
"_id": null,
"model": "stonegate vpn client",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"_id": null,
"model": "stonegate vpn client",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "1.7.2"
},
{
"_id": null,
"model": "stonegate vpn client",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "1.7"
},
{
"_id": null,
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.2.4"
},
{
"_id": null,
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.2.1"
},
{
"_id": null,
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.2"
},
{
"_id": null,
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.1"
},
{
"_id": null,
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0.9"
},
{
"_id": null,
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0.8"
},
{
"_id": null,
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0.7"
},
{
"_id": null,
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0.6"
},
{
"_id": null,
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0.5"
},
{
"_id": null,
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0.4"
},
{
"_id": null,
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0.1"
},
{
"_id": null,
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "1.7.2"
},
{
"_id": null,
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "1.7.1"
},
{
"_id": null,
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "1.7"
},
{
"_id": null,
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "1.6.3"
},
{
"_id": null,
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "1.6.2"
},
{
"_id": null,
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "1.5.18"
},
{
"_id": null,
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "1.5.17"
},
{
"_id": null,
"model": "stonebeat webcluster",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.5"
},
{
"_id": null,
"model": "stonebeat webcluster",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"_id": null,
"model": "stonebeat securitycluster",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.5"
},
{
"_id": null,
"model": "stonebeat securitycluster",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"_id": null,
"model": "servercluster",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.5.2"
},
{
"_id": null,
"model": "servercluster",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.5"
},
{
"_id": null,
"model": "propack",
"scope": "eq",
"trust": 1.3,
"vendor": "sgi",
"version": "3.0"
},
{
"_id": null,
"model": "propack",
"scope": "eq",
"trust": 1.3,
"vendor": "sgi",
"version": "2.4"
},
{
"_id": null,
"model": "propack",
"scope": "eq",
"trust": 1.3,
"vendor": "sgi",
"version": "2.3"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "redhat",
"version": "8.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "redhat",
"version": "7.3"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "redhat",
"version": "7.2"
},
{
"_id": null,
"model": "openbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "openbsd",
"version": "3.3"
},
{
"_id": null,
"model": "imanager",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "2.0"
},
{
"_id": null,
"model": "imanager",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "1.5"
},
{
"_id": null,
"model": "edirectory",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "8.7.1"
},
{
"_id": null,
"model": "edirectory",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "8.7"
},
{
"_id": null,
"model": "edirectory",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "8.6.2"
},
{
"_id": null,
"model": "edirectory",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "8.5.27"
},
{
"_id": null,
"model": "edirectory",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "8.5"
},
{
"_id": null,
"model": "edirectory",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "8.0"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "11.23"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "11.11"
},
{
"_id": null,
"model": "apache-based web server",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "2.0.43.04"
},
{
"_id": null,
"model": "apache-based web server",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "2.0.43.00"
},
{
"_id": null,
"model": "freebsd",
"scope": "eq",
"trust": 1.3,
"vendor": "freebsd",
"version": "5.2"
},
{
"_id": null,
"model": "freebsd",
"scope": "eq",
"trust": 1.3,
"vendor": "freebsd",
"version": "5.1"
},
{
"_id": null,
"model": "freebsd",
"scope": "eq",
"trust": 1.3,
"vendor": "freebsd",
"version": "4.9"
},
{
"_id": null,
"model": "freebsd",
"scope": "eq",
"trust": 1.3,
"vendor": "freebsd",
"version": "4.8"
},
{
"_id": null,
"model": "webns",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "7.10"
},
{
"_id": null,
"model": "webns",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "6.10"
},
{
"_id": null,
"model": "secure content accelerator",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "10000"
},
{
"_id": null,
"model": "css secure content accelerator",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "2.0"
},
{
"_id": null,
"model": "css secure content accelerator",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "1.0"
},
{
"_id": null,
"model": "sg5",
"scope": "eq",
"trust": 1.3,
"vendor": "avaya",
"version": "4.4"
},
{
"_id": null,
"model": "sg5",
"scope": "eq",
"trust": 1.3,
"vendor": "avaya",
"version": "4.3"
},
{
"_id": null,
"model": "sg5",
"scope": "eq",
"trust": 1.3,
"vendor": "avaya",
"version": "4.2"
},
{
"_id": null,
"model": "sg208",
"scope": "eq",
"trust": 1.3,
"vendor": "avaya",
"version": "4.4"
},
{
"_id": null,
"model": "sg203",
"scope": "eq",
"trust": 1.3,
"vendor": "avaya",
"version": "4.31.29"
},
{
"_id": null,
"model": "sg203",
"scope": "eq",
"trust": 1.3,
"vendor": "avaya",
"version": "4.4"
},
{
"_id": null,
"model": "sg200",
"scope": "eq",
"trust": 1.3,
"vendor": "avaya",
"version": "4.31.29"
},
{
"_id": null,
"model": "sg200",
"scope": "eq",
"trust": 1.3,
"vendor": "avaya",
"version": "4.4"
},
{
"_id": null,
"model": "converged communications server",
"scope": "eq",
"trust": 1.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "5.3.1"
},
{
"_id": null,
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "5.3"
},
{
"_id": null,
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "5.2.4"
},
{
"_id": null,
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "5.2.3"
},
{
"_id": null,
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "5.2.2"
},
{
"_id": null,
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "5.2.1"
},
{
"_id": null,
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "5.2"
},
{
"_id": null,
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "4.0"
},
{
"_id": null,
"model": "threat response",
"scope": null,
"trust": 1.1,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 1.1,
"vendor": "cisco",
"version": "6.3"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 1.1,
"vendor": "cisco",
"version": "6.2"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 1.1,
"vendor": "cisco",
"version": "6.1"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 1.1,
"vendor": "cisco",
"version": "6.0"
},
{
"_id": null,
"model": "call manager",
"scope": null,
"trust": 1.1,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "access registrar",
"scope": null,
"trust": 1.1,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.3.1"
},
{
"_id": null,
"model": "access registrar",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"_id": null,
"model": "openserver",
"scope": "eq",
"trust": 1.0,
"vendor": "sco",
"version": "5.0.6"
},
{
"_id": null,
"model": "sidewinder",
"scope": "eq",
"trust": 1.0,
"vendor": "securecomputing",
"version": "5.2.0.03"
},
{
"_id": null,
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2\\(3.100\\)"
},
{
"_id": null,
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(1\\)"
},
{
"_id": null,
"model": "firewall-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "next_generation_fp0"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(14\\)sy"
},
{
"_id": null,
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3\\(1\\)"
},
{
"_id": null,
"model": "provider-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "4.1"
},
{
"_id": null,
"model": "s8500",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "r2.0.0"
},
{
"_id": null,
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "5.2.1"
},
{
"_id": null,
"model": "sg208",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "*"
},
{
"_id": null,
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.3_rc1"
},
{
"_id": null,
"model": "css11000 content services switch",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"_id": null,
"model": "stonebeat fullcluster",
"scope": "eq",
"trust": 1.0,
"vendor": "stonesoft",
"version": "2.5"
},
{
"_id": null,
"model": "firewall-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "2.0"
},
{
"_id": null,
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.3_rc3"
},
{
"_id": null,
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1\\(1\\)"
},
{
"_id": null,
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(3\\)"
},
{
"_id": null,
"model": "instant virtual extranet",
"scope": "eq",
"trust": 1.0,
"vendor": "neoteris",
"version": "3.1"
},
{
"_id": null,
"model": "gss 4490 global site selector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"_id": null,
"model": "edirectory",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "8.5.12a"
},
{
"_id": null,
"model": "enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "tarantella",
"version": "3.30"
},
{
"_id": null,
"model": "content services switch 11500",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"_id": null,
"model": "instant virtual extranet",
"scope": "eq",
"trust": 1.0,
"vendor": "neoteris",
"version": "3.3"
},
{
"_id": null,
"model": "call manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"_id": null,
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2"
},
{
"_id": null,
"model": "sidewinder",
"scope": "eq",
"trust": 1.0,
"vendor": "securecomputing",
"version": "5.2.0.02"
},
{
"_id": null,
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(4\\)"
},
{
"_id": null,
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1\\(2\\)"
},
{
"_id": null,
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.3_rc2"
},
{
"_id": null,
"model": "sidewinder",
"scope": "eq",
"trust": 1.0,
"vendor": "securecomputing",
"version": "5.2.0.04"
},
{
"_id": null,
"model": "intuity audix",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "*"
},
{
"_id": null,
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3\\(3.109\\)"
},
{
"_id": null,
"model": "webns",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1_0.2.06"
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.3"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6f"
},
{
"_id": null,
"model": "webns",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.10_.0.06s"
},
{
"_id": null,
"model": "gsx server",
"scope": "eq",
"trust": 1.0,
"vendor": "vmware",
"version": "2.5.1_build_5336"
},
{
"_id": null,
"model": "sidewinder",
"scope": "eq",
"trust": 1.0,
"vendor": "securecomputing",
"version": "5.2.0.01"
},
{
"_id": null,
"model": "vpn-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "next_generation_fp0"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "0.9.6b-3"
},
{
"_id": null,
"model": "gss 4480 global site selector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(11b\\)e12"
},
{
"_id": null,
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.2_rc2"
},
{
"_id": null,
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(4.101\\)"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6h"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6d"
},
{
"_id": null,
"model": "sidewinder",
"scope": "eq",
"trust": 1.0,
"vendor": "securecomputing",
"version": "5.2.1"
},
{
"_id": null,
"model": "threat response",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"_id": null,
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1\\(5\\)"
},
{
"_id": null,
"model": "wbem",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "a.02.00.00"
},
{
"_id": null,
"model": "wbem",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "a.02.00.01"
},
{
"_id": null,
"model": "proxysg",
"scope": "eq",
"trust": 1.0,
"vendor": "bluecoat",
"version": "*"
},
{
"_id": null,
"model": "firewall-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "next_generation_fp1"
},
{
"_id": null,
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.2.1"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6i"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1\\(3\\)"
},
{
"_id": null,
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.3"
},
{
"_id": null,
"model": "intuity audix",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "s3400"
},
{
"_id": null,
"model": "vpn-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "next_generation_fp2"
},
{
"_id": null,
"model": "instant virtual extranet",
"scope": "eq",
"trust": 1.0,
"vendor": "neoteris",
"version": "3.2"
},
{
"_id": null,
"model": "intuity audix",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "s3210"
},
{
"_id": null,
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.0.3"
},
{
"_id": null,
"model": "cacheos ca sa",
"scope": "eq",
"trust": 1.0,
"vendor": "bluecoat",
"version": "4.1.12"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2za"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.2_.111"
},
{
"_id": null,
"model": "s8700",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "r2.0.0"
},
{
"_id": null,
"model": "aaa server",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"_id": null,
"model": "enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "tarantella",
"version": "3.40"
},
{
"_id": null,
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(2\\)"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(14\\)sy1"
},
{
"_id": null,
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.3"
},
{
"_id": null,
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.1.1"
},
{
"_id": null,
"model": "crypto accelerator 4000",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.0"
},
{
"_id": null,
"model": "s8500",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "r2.0.1"
},
{
"_id": null,
"model": "firewall-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "*"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6e"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(11b\\)e14"
},
{
"_id": null,
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "100_r2.0.1"
},
{
"_id": null,
"model": "mds 9000",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"_id": null,
"model": "bsafe ssl-j",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0"
},
{
"_id": null,
"model": "clientless vpn gateway 4400",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "5.0"
},
{
"_id": null,
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "5"
},
{
"_id": null,
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2\\(1\\)"
},
{
"_id": null,
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2\\(2\\)"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(13\\)e9"
},
{
"_id": null,
"model": "intuity audix",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "5.1.46"
},
{
"_id": null,
"model": "vpn-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "vsx_ng_with_application_intelligence"
},
{
"_id": null,
"model": "vpn-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "next_generation_fp1"
},
{
"_id": null,
"model": "firewall services module",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"_id": null,
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6k"
},
{
"_id": null,
"model": "gsx server",
"scope": "eq",
"trust": 1.0,
"vendor": "vmware",
"version": "3.0_build_7592"
},
{
"_id": null,
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1\\(4\\)"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "11.00"
},
{
"_id": null,
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "5000_r2.0.1"
},
{
"_id": null,
"model": "enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "tarantella",
"version": "3.20"
},
{
"_id": null,
"model": "stonebeat fullcluster",
"scope": "eq",
"trust": 1.0,
"vendor": "stonesoft",
"version": "3.0"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6g"
},
{
"_id": null,
"model": "stonebeat fullcluster",
"scope": "eq",
"trust": 1.0,
"vendor": "stonesoft",
"version": "2.0"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "8.05"
},
{
"_id": null,
"model": "instant virtual extranet",
"scope": "eq",
"trust": 1.0,
"vendor": "neoteris",
"version": "3.3.1"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(11b\\)e"
},
{
"_id": null,
"model": "sidewinder",
"scope": "eq",
"trust": 1.0,
"vendor": "securecomputing",
"version": "5.2.1.02"
},
{
"_id": null,
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "7500_r2.0.1"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.7b"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "0.9.6-15"
},
{
"_id": null,
"model": "s8300",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "r2.0.0"
},
{
"_id": null,
"model": "sidewinder",
"scope": "eq",
"trust": 1.0,
"vendor": "securecomputing",
"version": "5.2"
},
{
"_id": null,
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0"
},
{
"_id": null,
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "2000_r2.0.1"
},
{
"_id": null,
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.2_rc1"
},
{
"_id": null,
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3\\(3.102\\)"
},
{
"_id": null,
"model": "webns",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.10_b4"
},
{
"_id": null,
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "500"
},
{
"_id": null,
"model": "instant virtual extranet",
"scope": "eq",
"trust": 1.0,
"vendor": "neoteris",
"version": "3.0"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6j"
},
{
"_id": null,
"model": "cacheos ca sa",
"scope": "eq",
"trust": 1.0,
"vendor": "bluecoat",
"version": "4.1.10"
},
{
"_id": null,
"model": "webns",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1_0.1.02"
},
{
"_id": null,
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.0.1"
},
{
"_id": null,
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.0.2"
},
{
"_id": null,
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "5x"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0"
},
{
"_id": null,
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.2.2"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "0.9.7a-2"
},
{
"_id": null,
"model": "application and content networking software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"_id": null,
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3\\(2\\)"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6c"
},
{
"_id": null,
"model": "webns",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2_0.0.03"
},
{
"_id": null,
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "10000_r2.0.1"
},
{
"_id": null,
"model": "wbem",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "a.01.05.08"
},
{
"_id": null,
"model": "s8700",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "r2.0.1"
},
{
"_id": null,
"model": "openserver",
"scope": "eq",
"trust": 1.0,
"vendor": "sco",
"version": "5.0.7"
},
{
"_id": null,
"model": "stonebeat fullcluster",
"scope": "eq",
"trust": 1.0,
"vendor": "stonesoft",
"version": "1_2.0"
},
{
"_id": null,
"model": "firewall-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "next_generation_fp2"
},
{
"_id": null,
"model": "bsafe ssl-j",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.1"
},
{
"_id": null,
"model": "gsx server",
"scope": "eq",
"trust": 1.0,
"vendor": "vmware",
"version": "2.0.1_build_2129"
},
{
"_id": null,
"model": "stonebeat fullcluster",
"scope": "eq",
"trust": 1.0,
"vendor": "stonesoft",
"version": "1_3.0"
},
{
"_id": null,
"model": "s8300",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "r2.0.1"
},
{
"_id": null,
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2\\(3\\)"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(19\\)e1"
},
{
"_id": null,
"model": "bsafe ssl-j",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.0.1"
},
{
"_id": null,
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1"
},
{
"_id": null,
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.1"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.7c"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.7a"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2sy"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(11\\)e"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "check point",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse",
"version": null
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0"
},
{
"_id": null,
"model": "cobalt raq4",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"_id": null,
"model": "crypto accelerator",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "1000 v1.0"
},
{
"_id": null,
"model": "turbolinux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10"
},
{
"_id": null,
"model": "provider-1",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "ng and later versions"
},
{
"_id": null,
"model": "vine linux",
"scope": "eq",
"trust": 0.8,
"vendor": "vine linux",
"version": "2.5"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 0.8,
"vendor": "netbsd",
"version": "2.0"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 0.8,
"vendor": "netbsd",
"version": "1.5.2"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "12.2"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 0.8,
"vendor": "netbsd",
"version": "1.6"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.1"
},
{
"_id": null,
"model": "vine linux",
"scope": "eq",
"trust": 0.8,
"vendor": "vine linux",
"version": "2.6"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.00"
},
{
"_id": null,
"model": "hp wbem services",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "for hp-ux a.02.00.00"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "12.1"
},
{
"_id": null,
"model": "hp-ux aaa server",
"scope": "lte",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "a.06.01.02.04 and earlier"
},
{
"_id": null,
"model": "turbolinux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6.0"
},
{
"_id": null,
"model": "vpn-1/firewall-1",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "ng and later versions"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (es)"
},
{
"_id": null,
"model": "hp wbem services",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "for linux a.02.00.01"
},
{
"_id": null,
"model": "primergy sslaccelerator",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "7110"
},
{
"_id": null,
"model": "primergy sslaccelerator",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "7115"
},
{
"_id": null,
"model": "firewall services module",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "cisco 7600 for )"
},
{
"_id": null,
"model": "netshelter series",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "check the information provided by the vendor. )"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 0.8,
"vendor": "netbsd",
"version": "1.5.1"
},
{
"_id": null,
"model": "trendmicro interscan viruswall",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "3.81"
},
{
"_id": null,
"model": "global site selector",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "4480 4490"
},
{
"_id": null,
"model": "hp-ux apache-based web server",
"scope": "lt",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "version"
},
{
"_id": null,
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6.5"
},
{
"_id": null,
"model": "css secure content accelerator",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "version 1 2"
},
{
"_id": null,
"model": "netscreen ive",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "all versions"
},
{
"_id": null,
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6.1"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 0.8,
"vendor": "netbsd",
"version": "1.6.1"
},
{
"_id": null,
"model": "ipcom series",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "check the information provided by the vendor. )"
},
{
"_id": null,
"model": "crypto accelerator",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "500"
},
{
"_id": null,
"model": "ipcom series",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "( for details"
},
{
"_id": null,
"model": "crypto accelerator",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "1000 v1.1"
},
{
"_id": null,
"model": "netwatcher",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "( sensor device )"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (as)"
},
{
"_id": null,
"model": "css 11000 series",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "firewall-1 gx",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "v2.0"
},
{
"_id": null,
"model": "firewall services module",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco catalyst 6500 for"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "9"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (ws)"
},
{
"_id": null,
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "1.0 (workgroup)"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0"
},
{
"_id": null,
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "1.0 (hosting)"
},
{
"_id": null,
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "8"
},
{
"_id": null,
"model": "hp-ux apache-based web server",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "2.0.49.00"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.22"
},
{
"_id": null,
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "7"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.23"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 0.8,
"vendor": "netbsd",
"version": "1.6.2"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (ws)"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 0.8,
"vendor": "netbsd",
"version": "1.5"
},
{
"_id": null,
"model": "hp-ux aaa server",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "a.06.01.02.06"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0 (x86-64)"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0 (x86-64)"
},
{
"_id": null,
"model": "vpn-1/firewall-1",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "vsx ng with application intelligence"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.0"
},
{
"_id": null,
"model": "mds 9000 series",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "multilayer switch"
},
{
"_id": null,
"model": "crypto accelerator",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "4000 v1.0"
},
{
"_id": null,
"model": "netscreen idp",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "2.0 - 2.1r6"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (as)"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.04"
},
{
"_id": null,
"model": "openssl",
"scope": "lte",
"trust": 0.8,
"vendor": "openssl",
"version": "0.9.7c and earlier"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (es)"
},
{
"_id": null,
"model": "application and content networking system",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (ws)"
},
{
"_id": null,
"model": "turbolinux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "8"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (es)"
},
{
"_id": null,
"model": "primergy sslaccelerator",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "7117"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (as)"
},
{
"_id": null,
"model": "hp wbem services",
"scope": "lte",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "for hp-ux a.01.05.08 and earlier"
},
{
"_id": null,
"model": "turbolinux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "7"
},
{
"_id": null,
"model": "css 11500 series",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 0.8,
"vendor": "netbsd",
"version": "1.5.3"
},
{
"_id": null,
"model": "netshelter series",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "( for details"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"_id": null,
"model": "ios 12.1 e",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.3.9"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.3.9"
},
{
"_id": null,
"model": "firewall services module",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "gsx server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.07592"
},
{
"_id": null,
"model": "gsx server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.15336"
},
{
"_id": null,
"model": "gsx server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.12129"
},
{
"_id": null,
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.40"
},
{
"_id": null,
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.30"
},
{
"_id": null,
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.200"
},
{
"_id": null,
"model": "clientless vpn gateway series",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "44005.0"
},
{
"_id": null,
"model": "crypto accelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "40001.0"
},
{
"_id": null,
"model": "stonebeat fullcluster for raptor",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.5"
},
{
"_id": null,
"model": "stonebeat fullcluster for raptor",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"_id": null,
"model": "stonebeat fullcluster for isa server",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "3.0"
},
{
"_id": null,
"model": "stonebeat fullcluster for gauntlet",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"_id": null,
"model": "stonebeat fullcluster for firewall-1",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "3.0"
},
{
"_id": null,
"model": "stonebeat fullcluster for firewall-1",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"_id": null,
"model": "propack sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "3.0"
},
{
"_id": null,
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.24"
},
{
"_id": null,
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.23"
},
{
"_id": null,
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.22"
},
{
"_id": null,
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.21"
},
{
"_id": null,
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.21"
},
{
"_id": null,
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.20"
},
{
"_id": null,
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.20"
},
{
"_id": null,
"model": "computing sidewinder",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "5.2.1.02"
},
{
"_id": null,
"model": "computing sidewinder",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "5.2.1"
},
{
"_id": null,
"model": "computing sidewinder",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "5.2.0.04"
},
{
"_id": null,
"model": "computing sidewinder",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "5.2.0.03"
},
{
"_id": null,
"model": "computing sidewinder",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "5.2.0.02"
},
{
"_id": null,
"model": "computing sidewinder",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "5.2.0.01"
},
{
"_id": null,
"model": "computing sidewinder",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "5.2"
},
{
"_id": null,
"model": "unixware",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "7.1.3"
},
{
"_id": null,
"model": "unixware",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "7.1.1"
},
{
"_id": null,
"model": "open server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "5.0.7"
},
{
"_id": null,
"model": "open server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "5.0.6"
},
{
"_id": null,
"model": "security bsafe ssl-j sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "3.1"
},
{
"_id": null,
"model": "security bsafe ssl-j sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "3.0.1"
},
{
"_id": null,
"model": "security bsafe ssl-j sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "3.0"
},
{
"_id": null,
"model": "openssl096b-0.9.6b-3.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "openssl096-0.9.6-15.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "openssl-perl-0.9.7a-2.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "openssl-devel-0.9.7a-2.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "openssl-0.9.7a-2.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.0"
},
{
"_id": null,
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"_id": null,
"model": "hat fedora core3",
"scope": null,
"trust": 0.3,
"vendor": "red",
"version": null
},
{
"_id": null,
"model": "hat fedora core2",
"scope": null,
"trust": 0.3,
"vendor": "red",
"version": null
},
{
"_id": null,
"model": "hat fedora core1",
"scope": null,
"trust": 0.3,
"vendor": "red",
"version": null
},
{
"_id": null,
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "4"
},
{
"_id": null,
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "3"
},
{
"_id": null,
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "project openssl beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "project openssl beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "project openssl beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "project openssl g",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "edirectory su1",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.7.1"
},
{
"_id": null,
"model": "edirectory a",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.5.12"
},
{
"_id": null,
"model": "instant virtual extranet",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "3.3.1"
},
{
"_id": null,
"model": "instant virtual extranet",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "3.3"
},
{
"_id": null,
"model": "instant virtual extranet",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "3.2"
},
{
"_id": null,
"model": "instant virtual extranet",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "3.1"
},
{
"_id": null,
"model": "instant virtual extranet",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "3.0"
},
{
"_id": null,
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.3.1"
},
{
"_id": null,
"model": "litespeed web server rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.3"
},
{
"_id": null,
"model": "litespeed web server rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.3"
},
{
"_id": null,
"model": "litespeed web server rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.3"
},
{
"_id": null,
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.3"
},
{
"_id": null,
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.2.2"
},
{
"_id": null,
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.2.1"
},
{
"_id": null,
"model": "litespeed web server rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.2"
},
{
"_id": null,
"model": "litespeed web server rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.2"
},
{
"_id": null,
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.1.1"
},
{
"_id": null,
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.1"
},
{
"_id": null,
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.0.3"
},
{
"_id": null,
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.0.2"
},
{
"_id": null,
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.0.1"
},
{
"_id": null,
"model": "wbem a.02.00.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "wbem a.02.00.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "wbem a.01.05.08",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.5"
},
{
"_id": null,
"model": "aaa server",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.2"
},
{
"_id": null,
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.1"
},
{
"_id": null,
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.1"
},
{
"_id": null,
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.8"
},
{
"_id": null,
"model": "associates etrust security command center",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"_id": null,
"model": "secure gateway for solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "1.13"
},
{
"_id": null,
"model": "secure gateway for solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "1.12"
},
{
"_id": null,
"model": "secure gateway for solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "1.1"
},
{
"_id": null,
"model": "webns .0.06s",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.10"
},
{
"_id": null,
"model": "webns",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.20.0.03"
},
{
"_id": null,
"model": "webns",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.10.2.06"
},
{
"_id": null,
"model": "webns",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.10.1.02"
},
{
"_id": null,
"model": "webns b4",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.10"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3.2"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3.1"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3(3.109)"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3(3.102)"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3(1)"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.3"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.2.111"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.2"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.1"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(3.100)"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(3)"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(2)"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(1)"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.5"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.4"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.3"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(5)"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(4)"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(3)"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(2)"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(1)"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.4"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.3"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(4.101)"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(4)"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(2)"
},
{
"_id": null,
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(1)"
},
{
"_id": null,
"model": "mds",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9000"
},
{
"_id": null,
"model": "ios 12.2za",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "ios 12.2sy",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "ios 12.2 sy1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "ios 12.2 sy",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "ios 12.1 e1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "ios 12.1 e9",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "ios 12.1 e14",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "ios 12.1 e12",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "ios 12.1 ec",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "ios 12.1 ea1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "gss global site selector",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "44900"
},
{
"_id": null,
"model": "gss global site selector",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4480"
},
{
"_id": null,
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.1(0.208)"
},
{
"_id": null,
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.1(3.005)"
},
{
"_id": null,
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "css11500 content services switch",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "css11000 content services switch",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "application \u0026 content networking software",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "point software vpn-1 vsx ng with application intelligence",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"_id": null,
"model": "point software vpn-1 next generation fp2",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"_id": null,
"model": "point software vpn-1 next generation fp1",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"_id": null,
"model": "point software vpn-1 next generation fp0",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"_id": null,
"model": "point software providor-1 sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"_id": null,
"model": "point software providor-1 sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"_id": null,
"model": "point software providor-1 sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"_id": null,
"model": "point software providor-1 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"_id": null,
"model": "point software providor-1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"_id": null,
"model": "point software firewall-1 vsx ng with application intelligence",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"_id": null,
"model": "point software firewall-1 next generation fp2",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"_id": null,
"model": "point software firewall-1 next generation fp1",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"_id": null,
"model": "point software firewall-1 next generation fp0",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"_id": null,
"model": "point software firewall-1 gx",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "2.0"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "0"
},
{
"_id": null,
"model": "coat systems cacheos ca/sa",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.1.12"
},
{
"_id": null,
"model": "coat systems cacheos ca/sa",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.1.10"
},
{
"_id": null,
"model": "vsu r2.0.1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7500"
},
{
"_id": null,
"model": "vsu",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5x0"
},
{
"_id": null,
"model": "vsu r2.0.1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5000"
},
{
"_id": null,
"model": "vsu",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5000"
},
{
"_id": null,
"model": "vsu",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "50"
},
{
"_id": null,
"model": "vsu r2.0.1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2000"
},
{
"_id": null,
"model": "vsu r2.0.1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "10000"
},
{
"_id": null,
"model": "vsu r2.0.1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "100"
},
{
"_id": null,
"model": "sg5x",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.4"
},
{
"_id": null,
"model": "sg5x",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.3"
},
{
"_id": null,
"model": "sg5x",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"_id": null,
"model": "sg208",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"_id": null,
"model": "s8700 r2.0.1",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "s8700 r2.0.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "s8500 r2.0.1",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "s8500 r2.0.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "s8300 r2.0.1",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "s8300 r2.0.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "intuity r5 r5.1.46",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "intuity audix r5",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"_id": null,
"model": "intuity s3400",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "intuity s3210",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "intuity lx",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"_id": null,
"model": "gsx server",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.2"
},
{
"_id": null,
"model": "stonegate sparc",
"scope": "ne",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.2.12"
},
{
"_id": null,
"model": "stonegate",
"scope": "ne",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.2.5x86"
},
{
"_id": null,
"model": "stonegate ibm zseries",
"scope": "ne",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.2.5"
},
{
"_id": null,
"model": "computing sidewinder",
"scope": "ne",
"trust": 0.3,
"vendor": "secure",
"version": "5.2.1.10"
},
{
"_id": null,
"model": "security bsafe ssl-j sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "rsa",
"version": "4.1"
},
{
"_id": null,
"model": "project openssl d",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "project openssl m",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "litespeed web server",
"scope": "ne",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.3.2"
},
{
"_id": null,
"model": "litespeed web server",
"scope": "ne",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.0.2"
},
{
"_id": null,
"model": "secure gateway for solaris",
"scope": "ne",
"trust": 0.3,
"vendor": "citrix",
"version": "1.14"
},
{
"_id": null,
"model": "threat response",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0.3"
},
{
"_id": null,
"model": "mds",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "90002.0(0.86)"
},
{
"_id": null,
"model": "mds",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "90001.3(3.33)"
},
{
"_id": null,
"model": "point software vpn-1 sp6",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"_id": null,
"model": "point software vpn-1 sp5a",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"_id": null,
"model": "point software vpn-1 sp5",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"_id": null,
"model": "point software vpn-1 sp4",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"_id": null,
"model": "point software vpn-1 sp3",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"_id": null,
"model": "point software vpn-1 sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"_id": null,
"model": "point software vpn-1 sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"_id": null,
"model": "point software vpn-1",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"_id": null,
"model": "point software firewall-1 sp6",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"_id": null,
"model": "point software firewall-1 sp5a",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"_id": null,
"model": "point software firewall-1 sp5",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"_id": null,
"model": "point software firewall-1 sp4",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"_id": null,
"model": "point software firewall-1 sp3",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"_id": null,
"model": "point software firewall-1 sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"_id": null,
"model": "point software firewall-1 sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"_id": null,
"model": "point software firewall-1",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"_id": null,
"model": "webstar",
"scope": "ne",
"trust": 0.3,
"vendor": "4d",
"version": "5.3.2"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "9.0"
},
{
"_id": null,
"model": "fedora core2",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "fedora core1",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"_id": null,
"model": "oneworld xe/erp8 applications sp22",
"scope": null,
"trust": 0.3,
"vendor": "peoplesoft",
"version": null
},
{
"_id": null,
"model": "enterpriseone applications",
"scope": "eq",
"trust": 0.3,
"vendor": "peoplesoft",
"version": "8.93"
},
{
"_id": null,
"model": "enterpriseone applications sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "peoplesoft",
"version": "8.9"
},
{
"_id": null,
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.6"
},
{
"_id": null,
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"_id": null,
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.4"
},
{
"_id": null,
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1.5"
},
{
"_id": null,
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1.4"
},
{
"_id": null,
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.6"
},
{
"_id": null,
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"_id": null,
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.4"
},
{
"_id": null,
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1.5"
},
{
"_id": null,
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1.4"
},
{
"_id": null,
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.6.0"
},
{
"_id": null,
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"_id": null,
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.4"
},
{
"_id": null,
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1.5"
},
{
"_id": null,
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1.4"
},
{
"_id": null,
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.3.1"
},
{
"_id": null,
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2.3"
},
{
"_id": null,
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"_id": null,
"model": "oracle8i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7.4"
},
{
"_id": null,
"model": "oracle8i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7.4.0"
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.4"
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.3.1"
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.3"
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.2"
},
{
"_id": null,
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.4"
},
{
"_id": null,
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.3.1"
},
{
"_id": null,
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.3"
},
{
"_id": null,
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.2"
},
{
"_id": null,
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.4"
},
{
"_id": null,
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.3.1"
},
{
"_id": null,
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.3"
},
{
"_id": null,
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.2"
},
{
"_id": null,
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"_id": null,
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.3.1"
},
{
"_id": null,
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.4.1"
},
{
"_id": null,
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.4.0"
},
{
"_id": null,
"model": "enterprise manager grid control 10g",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3"
},
{
"_id": null,
"model": "enterprise manager grid control 10g",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.2"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.4.1"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.4.0"
},
{
"_id": null,
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10"
},
{
"_id": null,
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.9"
},
{
"_id": null,
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.8"
},
{
"_id": null,
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.7"
},
{
"_id": null,
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.6"
},
{
"_id": null,
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.5"
},
{
"_id": null,
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.4"
},
{
"_id": null,
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.3"
},
{
"_id": null,
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.2"
},
{
"_id": null,
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.1"
},
{
"_id": null,
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5"
},
{
"_id": null,
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.0"
},
{
"_id": null,
"model": "collaboration suite release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "29.0.4.2"
},
{
"_id": null,
"model": "collaboration suite release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "29.0.4.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#288574"
},
{
"db": "CNVD",
"id": "CNVD-2004-0791"
},
{
"db": "BID",
"id": "9899"
},
{
"db": "BID",
"id": "14567"
},
{
"db": "BID",
"id": "13139"
},
{
"db": "CNNVD",
"id": "CNNVD-200411-124"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000086"
},
{
"db": "NVD",
"id": "CVE-2004-0079"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:netbsd:netbsd",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:openbsd:openbsd",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:openssl:openssl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:misc:vine_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:sun:sun_cobalt_raq_4",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:sun:sun_crypto_accelerator",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:access_registrar",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:application_and_content_networking_system_software",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:call_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:css_11000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:css_11500",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:secure_content_accelerator",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:firewall_services_module",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:gss_global_site_selector",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:ios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:mds_9000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:okena_stormwatch",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:pix_firewall",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:threat_response",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:ciscoworks_common_management_foundation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:ciscoworks_common_services",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:juniper:netscreen-idp",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:juniper:netscreen-ive",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_workstation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:checkpoint:firewall-1_gx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:checkpoint:provider-1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:checkpoint:vpn-1_firewall-1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:trendmicro:interscan_viruswall",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:wbem",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hp:hp-ux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:hp:aaa_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:hp:apache-based_web_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fujitsu:ipcom",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fujitsu:netshelter",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fujitsu:netwatcher",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fujitsu:primergy_ssl_accelerator",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000086"
}
]
},
"credits": {
"_id": null,
"data": "OpenSSL Security Advisory",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200411-124"
}
],
"trust": 0.6
},
"cve": "CVE-2004-0079",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2004-0079",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-8509",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2004-0079",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2004-0079",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2004-0079",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#288574",
"trust": 0.8,
"value": "27.38"
},
{
"author": "NVD",
"id": "CVE-2004-0079",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200411-124",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-8509",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#288574"
},
{
"db": "VULHUB",
"id": "VHN-8509"
},
{
"db": "CNNVD",
"id": "CNNVD-200411-124"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000086"
},
{
"db": "NVD",
"id": "CVE-2004-0079"
},
{
"db": "NVD",
"id": "CVE-2004-0079"
}
]
},
"description": {
"_id": null,
"data": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. OpenSSL Is SSL/TLS Due to incomplete implementation of do_change_cipher_spec() In the function NULL A vulnerability exists where pointers are not handled properly.OpenSSL An application that uses the service disrupts service operation (DoS) It may be in a state. OpenSSL is an open source SSL implementation used to implement high-strength encryption of network communications. It is now widely used in various network applications. \n\n\u00a0Using the Codenomicon TLS test tool, OpenSSL found a NULL pointer allocation in the do_change_cipher_spec () function. Applications that rely on this library will generate a denial of service. \nFor the first issue, a NULL-pointer assignment can be triggered by attackers during SSL/TLS handshake exchanges. The CVE candidate name for this vulnerability is CAN-2004-0079. Versions 0.9.6c to 0.9.6k (inclusive) and from 0.9.7a to 0.9.7c (inclusive) are vulnerable. \nThe second issue is also exploited during the SSL/TLS handshake, but only when Kerberos ciphersuites are in use. The vendor has reported that this vulnerability may not be a threat to many, because it occurs only when Kerberos ciphersuites are in use, an uncommon configuration. The CVE candidate name for this vulnerability is CAN-2004-0112. Versions 0.9.7a, 0.9.7b, and 0.9.7c are affected. \nThis entry will be retired when individual BID records are created for each issue. \n*Note: A third denial-of-service vulnerability included in the announcement was discovered affecting 0.9.6 and fixed in 0.9.6d. The CVE candidate name for this vulnerability is CAN-2004-0081. Multiple security vulnerabilities are reported to affect Apple Mac OS X; updates are available. \nApache is prone to five vulnerabilities ranging from buffer overflows to access validation vulnerabilities. The CVE Mitre candidate IDs CAN-2005-1344, CAN-2004-0942, CAN-2004-0885, CAN-2004-1083, and CAN-2004-1084 are assigned to these issues. \nAppkit is prone to three vulnerabilities. Two of these could result in arbitrary code execution, the third could permit the creation of local accounts. The CVE Mitre candidate IDs CAN-2005-2501, CAN-2005-2502, and CAN-2005-2503 are assigned to these issues. \nBluetooth is prone to a vulnerability regarding authentication bypass. The CVE Mitre candidate ID CAN-2005-2504 is assigned to this issue. \nCoreFoundation is prone to two vulnerabilities, one resulting in a buffer overflow, the other a denial-of-service vulnerability. The CVE Mitre candidate IDs CAN-2005-2505 and CAN-2005-2506 are assigned to these issues. \nCUPS is prone to two vulnerabilities resulting in a denial of service until the service can be restarted. The CVE Mitre candidate IDs CAN-2005-2525 and CAN-2005-2526 are assigned to these issues. \nDirectory Services is prone to three vulnerabilities. These issues vary from buffer overflow, unauthorized account creation and deletion, and privilege escalation. The CVE Mitre candidate IDs CAN-2005-2507, CAN-2005-2508 and CAN-2005-2519 are assigned to these issues. \nHItoolbox is prone to a vulnerability that could result in information disclosure. The CVE Mitre candidate ID CAN-2005-2513 is assigned to this issue. \nKerberos is prone to five vulnerabilities that may result in a buffer overflow, execution of arbitrary code, and root compromise. The CVE Mitre candidate IDs CAN-2004-1189, CAN-2005-1174, CAN-2005-1175, CAN-2005-1689, and CAN-2005-2511 are assigned to these issues. \nloginwindow is prone to a vulnerability that could permit a user to gain access to other logged-in accounts. The CVE Mitre candidate ID CAN-2005-2509 is assigned to this issue. \nMail is prone to a vulnerability regarding the loss of privacy when remote images are loaded into HTML email. The CVE Mitre candidate ID CAN-2005-2512 is assigned to this issue. \nMySQL is prone to three vulnerabilities that include arbitrary code execution by remote authenticated users. The CVE Mitre candidate IDs CAN-2005-0709, CAN-2005-0710, and CAN-2005-0711 are assigned to these issues. The CVE Mitre candidate IDs CAN-2004-0079 and CAN-2004-0112 are assigned to these issues. \nping is prone to a vulnerability that could allow local privilege escalation and arbitrary code execution. The CVE Mitre candidate ID CAN-2005-2514 is assigned to this issue. \nQuartzComposerScreenSaver is prone to a vulnerability that could allow users to open pages while the RSS Visualizer screen is locked. The CVE Mitre candidate ID CAN-2005-2515 is assigned to this issue. \nSafari is prone to two vulnerabilities that could result in arbitrary command execution or have information submitted to an incorrect site. The CVE Mitre candidate IDs CAN-2005-2516 and CAN-2005-2517 are assigned to these issues. \nSecurityInterface is prone to a vulnerability that could expose recently used passwords. The CVE Mitre candidate ID CAN-2005-2520 is assigned to this issue. \nservermgrd is prone to a buffer-overflow vulnerability that could ultimately lead to the execution of arbitrary code. The CVE Mitre candidate ID CAN-2005-2518 is assigned to this issue. \nservermgr_ipfilter is prone to a vulnerability regarding firewall settings not always being written to the Active Rules. The CVE Mitre candidate ID CAN-2005-2510 is assigned to this issue. \nSquirrelMail is prone to two vulnerabilities including a cross-site scripting issue. The CVE Mitre candidate IDs CAN-2005-1769 and CAN-2005-2095 are assigned to these issues. \ntraceroute is prone to a vulnerability that could result in arbitrary code execution and privilege escalation. The CVE Mitre candidate ID CAN-2005-2521 is assigned to this issue. \nWebKit is affected by a vulnerability that could result in code execution regarding a malformed PDF file. The CVE Mitre candidate ID CAN-2005-2522 is assigned to this issue. \nWeblog Server is prone to multiple cross-site scripting vulnerabilities. The CVE Mitre candidate ID CAN-2005-2523 is assigned to this issue. \nX11 is prone to a vulnerability that could result in arbitrary code execution. The CVE Mitre candidate ID CAN-2005-0605 is assigned to this issue. \nzlib is prone to two denial-of-service vulnerabilities that may ultimately lead to arbitrary code execution. The CVE Mitre candidate IDs CAN-2005-2096 and CAN-2005-1849 are assigned to these issues. \nThese vulnerabilities will be separated into individual BIDs upon further analysis of the issues. Oracle Database Server, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business and Applications, Oracle Enterprise Manager Grid Control, and Oracle PeopleSoft Applications are reported prone to multiple vulnerabilities. \nOracle has released a Critical Patch Update to address these issues in various supported applications and platforms. \nThe issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. While various levels of authorization are required to leverage some issues, others do not require any authorization. \nThis BID will be divided and updated into separate BIDs when more information is available. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n Cisco Security Advisory: Cisco OpenSSL Implementation Vulnerability\n\nRevision 1.0\n\n For Public Release 2004 March 17 at 1300 UTC (GMT)\n\n ----------------------------------------------------------------------\n\nContents\n\n Summary\n Affected Products\n Details\n Impact\n Software Versions and Fixes\n Obtaining Fixed Software\n Workarounds\n Exploitation and Public Announcements\n Status of This Notice: INTERIM\n Distribution\n Revision History\n Cisco Security Procedures\n\n ----------------------------------------------------------------------\n\nSummary\n\n A new vulnerability in the OpenSSL implementation for SSL\n has been announced on March 17, 2004. \n\n An affected network device running an SSL server based on an affected\n OpenSSL implementation may be vulnerable to a Denial of Service (DoS)\n attack. There are workarounds available to mitigate the effects of this\n vulnerability on Cisco products in the workaround section of this\n advisory. Cisco is providing fixed software, and recommends that customers\n upgrade to it when it is available. \n\n This advisory will be posted at\n http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml. \n\n * Cisco IOS 12.1(11)E and later in the 12.1E release train. Only crypto\n images (56i and k2) are vulnerable for the Cisco 7100 and 7200 Series\n Routers. \n * Cisco IOS 12.2SY release train. Only crypto images (k8, k9 and k91)\n are vulnerable for the Cisco Catalyst 6500 Series and Cisco 7600\n Series Routers. \n * Cisco PIX Firewall\n * Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500\n Series and Cisco 7600 Series routers\n * Cisco MDS 9000 Series Multilayer Switch\n * Cisco Content Service Switch (CSS) 11000 series\n * Cisco Global Site Selector (GSS) 4480\n * CiscoWorks Common Services (CWCS) version 2.2 and CiscoWorks Common\n Management Foundation (CMF) version 2.1\n * Cisco Access Registrar (CAR)\n\n The following products have their SSL implementation based on the OpenSSL\n code and are not affected by this vulnerability. \n\n * Cisco Secure Intrusion Detection System (NetRanger) appliance. This\n includes the IDS-42xx appliances, NM-CIDS and WS-SVS-IDSM2. \n * Cisco SN 5428 and SN 5428-2 Storage Router\n * Cisco CNS Configuration Engine\n * Cisco Network Analysis Modules (NAM) for the Cisco Catalyst 6000 and\n 6500 Series switches and Cisco 7600 Series routers\n * Cisco SIP Proxy Server (SPS)\n * CiscoWorks 1105 Hosting Solution Engine (HSE)\n * CiscoWorks 1105 Wireless LAN Solution Engine (WLSE)\n * Cisco Ethernet Subscriber Solution Engine (ESSE)\n\n The following products, which implement SSL, are not affected by this\n vulnerability. \n\n * Cisco VPN 3000 Series Concentrators\n\n CatOS does not implement SSL and is not vulnerable. \n\n No other Cisco products are currently known to be affected by this\n vulnerability. This vulnerability is still being actively investigated\n across Cisco products and status of some products has still not been\n determined. \n\nDetails\n\n Secure Sockets Layer (SSL), is a protocol used to encrypt the data\n transferred over an TCP session. SSL in Cisco products is mainly used by\n the HyperText Transfer Protocol Secure (HTTPS) web service for which the\n default TCP port is 443. The affected products, listed above, are only\n vulnerable if they have the HTTPS service enabled and the access to the\n service is not limited to trusted hosts or network management\n workstations. \n\n To check if the HTTPS service is enabled one can do the following:\n\n 1. Check the configuration on the device to verify the status of the\n HTTPS service. \n 2. Try to connect to the device using a standard web browser that\n supports SSL using a URL similar to https://ip_address_of_device/. \n 3. Try and connect to the default HTTPS port, TCP 443, using Telnet. \n telnet ip_address_of_device 443. If the session connects the service\n is enabled and accessible. This\n crash on many Cisco products would cause the device to reload. \n\n A third vulnerability described in the NISCC advisory is a bug in older\n versions of OpenSSL, versions before 0.9.6d, that can also lead to a\n Denial of Service attack. None of the Cisco OpenSSL implementations are\n known to be affected by this older OpenSSL issue. \n\n * Cisco IOS - All 12.1(11)E and later IOS software crypto (56i and k2)\n image releases in the 12.1E release train for the Cisco 7100 and 7200\n Series Routers are affected by this vulnerability. All IOS software\n crypto (k8, k9, and k91) image releases in the 12.2SY release train\n for the Cisco Catalyst 6500 Series and Cisco 7600 Series Routers are\n affected by this vulnerability. The SSH implementation in IOS is not\n dependent on any OpenSSL code. SSH implementations in IOS do not\n handle certificates, yet, and therefore do not use any SSL code for\n SSH. OpenSSL in 12.1E and 12.2SY release trains is only used for\n providing the HTTPS and VPN Device Manager (VDM) services. This\n vulnerability is documented in the Cisco Bug Toolkit (registered\n customers only) as Bug ID CSCee00041. The HTTPS web service, that uses\n the OpenSSL code, on the device is disabled by default. The no ip http\n secure-server command may be used to disable the HTTPS web service on\n the device, if required. The SSH and IPSec services in IOS are not\n vulnerable to this vulnerability. \n * Cisco PIX Firewall - PIX 6.x releases are affected by this\n vulnerability. PIX 5.x releases do not contain any SSL code and are\n not vulnerable. This vulnerability is documented in the Cisco Bug\n Toolkit (registered customers only) as Bug ID CSCed90672. \n * Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500\n Series and Cisco 7600 Series routers - This vulnerability is\n documented in the Cisco Bug Toolkit (registered customers only) as Bug\n ID CSCee02055. \n * Cisco MDS 9000 Series Multilayer Switches - This vulnerability is\n documented in the Cisco Bug Toolkit (registered customers only) as Bug\n ID CSCed96246. \n * Cisco Content Service Switch (CSS) 11000 series - WebNS version 6.x\n and 7.x are affected by this vulnerability. This vulnerability is\n documented in the Cisco Bug Toolkit (registered customers only) as Bug\n ID CSCee01234 for SCM and is documented in the Cisco Bug Toolkit\n (registered customers only) as Bug ID CSCee01240 for the SSL module. \n * Cisco Global Site Selector (GSS) 4480 - This vulnerability is\n documented in the Cisco Bug Toolkit (registered customers only) as Bug\n ID CSCee01057. \n * CiscoWorks Common Services (CWCS) version 2.2 and CiscoWorks Common\n Management Foundation (CMF) version 2.1 - This vulnerability is\n documented in the Cisco Bug Toolkit (registered customers only) as Bug\n ID CSCsa13748. \n * Cisco Access Registrar (CAR) - This vulnerability is documented in the\n Cisco Bug Toolkit (registered customers only) as Bug ID CSCee01956. \n\n The Internetworking Terms and Cisco Systems Acronyms online guides can be\n found at http://www.cisco.com/univercd/cc/td/doc/cisintwk/. \n\nImpact\n\n An affected network device running an SSL server based on the OpenSSL\n implementation may be vulnerable to a Denial of Service (DoS) attack. \n\nSoftware Versions and Fixes\n\n * Cisco IOS -\n\n +----------------------------------------+\n |Release| Fixed Releases |Availability |\n | Train | | |\n |-------+------------------+-------------|\n |12.2SY |12.2(14)SY4 |March 25 |\n |-------+------------------+-------------|\n | |12.1(13)E14 |April 8 |\n |12.1E |12.1.(19)E7 |April 8 |\n | |12.1(20)E3 |April 26 |\n +----------------------------------------+\n\n * Cisco PIX Firewall - The vulnerability is fixed in software releases\n 6.0(4)102, 6.1(5)102, 6.2(3)107, and 6.3(3)124. These engineering\n builds may be obtained by contacting the Cisco Technical Assistance\n Center (TAC). TAC Contact information is given in the Obtaining Fixed\n Software section below. \n * Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500\n Series and Cisco 7600 Series routers - The vulnerability is fixed in\n software release 1.1.3(14) which will be available by Monday, 22 of\n March, 2004. This engineering builds may be obtained by contacting the\n Cisco Technical Assistance Center (TAC). TAC Contact information is\n given in the Obtaining Fixed Software section below. \n * Cisco MDS 9000 Series Multilayer Switches - No fixed software release\n or software availability date has been determined yet. \n * Cisco Content Service Switch (CSS) 11000 series -No fixed software\n release or software availability date has been determined yet. \n * Cisco Global Site Selector (GSS) 4480 - No fixed software release or\n software availability date has been determined yet. \n * CiscoWorks Common Services (CWCS) version 2.2 and CiscoWorks Common\n Management Foundation (CMF) version 2.1 - No fixed software release or\n software availability date has been determined yet. \n * Cisco Access Registrar (CAR) - The vulnerability is fixed in software\n release 3.5.0.12 which will be available by Friday, 26 of March, 2004. \n\nObtaining Fixed Software\n\n Cisco is offering free software upgrades to address this vulnerability for\n all affected customers. \n\n Customers may only install and expect support for the feature sets they\n have purchased. By installing, downloading, accessing or otherwise using\n such software upgrades, Customers agree to be bound by the terms of\n Cisco\u0027s software license terms found at\n http://www.cisco.com/public/sw-license-agreement.html, or as otherwise set\n forth at the Cisco Connection Online Software Center at\n http://www.cisco.com/public/sw-center/sw-usingswc.shtml. \n\n Customers with contracts should obtain upgraded software through their\n regular update channels. For most customers, this means that upgrades\n should be obtained through the Software Center on Cisco\u0027s worldwide\n website at http://www.cisco.com/tacpage/sw-center. To access the software\n download URL, you must be a registered user and you must be logged in. \n\n Customers whose Cisco products are provided or maintained through a prior\n or existing agreement with third-party support organizations such as Cisco\n Partners, authorized resellers, or service providers, should contact that\n support organization for assistance with obtaining the software\n upgrade(s). \n\n Customers who purchase direct from Cisco but who do not hold a Cisco\n service contract and customers who purchase through third-party vendors\n but are unsuccessful at obtaining fixed software through their point of\n sale should get their upgrades by contacting the Cisco Technical\n Assistance Center (TAC) using the contact information listed below. In\n these cases, customers are entitled to obtain a free upgrade to a later\n version of the same release or as indicated by the applicable corrected\n software version in the Software Versions and Fixes section (noted above). \n\n Cisco TAC contacts are as follows:\n\n * +1 800 553 2447 (toll free from within North America)\n * +1 408 526 7209 (toll call from anywhere in the world)\n * e-mail: tac@cisco.com\n\n See http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for\n additional TAC contact information, including special localized telephone\n numbers and instructions and e-mail addresses for use in various\n languages. \n\n Please have your product serial number available and give the URL of this\n notice as evidence of your entitlement to a upgrade. Upgrades for\n non-contract customers must be requested through the TAC. \n\n Please do not contact either \"psirt@cisco.com\" or\n \"security-alert@cisco.com\" for software upgrades. \n\nWorkarounds\n\n The Cisco PSIRT recommends that affected users upgrade to a fixed software\n version of code as soon as it is available. \n\n * Restrict access to the HTTPS server on the network device. Allow\n access to the network device only from trusted workstations by using\n access lists / MAC filters that are available on the affected\n platforms. \n * Disable the SSL server / service on the network device. This\n workaround must be weighed against the need for secure communications\n with the vulnerable device. \n\nExploitation and Public Announcements\n\n The Cisco PSIRT is not aware of any malicious use of the vulnerability\n described in this advisory. \n\n This vulnerability was reported to Cisco PSIRT by NISCC. \n\nStatus of This Notice: INTERIM\n\n This is an interim advisory. Although Cisco cannot guarantee the accuracy\n of all statements in this advisory, all of the facts have been checked to\n the best of our ability. Cisco does not anticipate issuing updated\n versions of this advisory unless there is some material change in the\n facts. Should there be a significant change in the facts, Cisco may update\n this advisory. \n\n A stand-alone copy or paraphrase of the text of this security advisory\n that omits the distribution URL in the following section is an\n uncontrolled copy, and may lack important information or contain factual\n errors. \n\nDistribution\n\n This advisory will be posted on Cisco\u0027s worldwide website at\n http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml . \n\n In addition to worldwide web posting, a text version of this notice is\n clear-signed with the Cisco PSIRT PGP key having the fingerprint 8C82 5207\n 0CA9 ED40 1DD2 EE2A 7B31 A8CF 32B6 B590 and is posted to the following\n e-mail and Usenet news recipients. \n\n * cust-security-announce@cisco.com\n * first-teams@first.org (includes CERT/CC)\n * bugtraq@securityfocus.com\n * vulnwatch@vulnwatch.org\n * cisco@spot.colorado.edu\n * cisco-nsp@puck.nether.net\n * full-disclosure@lists.netsys.com\n * comp.dcom.sys.cisco@newsgate.cisco.com\n\n Future updates of this advisory, if any, will be placed on Cisco\u0027s\n worldwide website, but may or may not be actively announced on mailing\n lists or newsgroups. Users concerned about this problem are encouraged to\n check the above URL for any updates. \n\nRevision History\n\n +------------------------------------------+\n |Revision 1.0|2004-March-17|Initial |\n | | |release. |\n +------------------------------------------+\n\nCisco Security Procedures\n\n Complete information on reporting security vulnerabilities in Cisco\n products, obtaining assistance with security incidents, and registering to\n receive security information from Cisco, is available on Cisco\u0027s worldwide\n website at\n http://www.cisco.com/warp/public/707/sec_incident_response.shtml. This\n includes instructions for press inquiries regarding Cisco security\n notices. All Cisco security advisories are available at\n http://www.cisco.com/go/psirt. \n\n This advisory is copyright 2004 by Cisco Systems, Inc. This advisory may\n be redistributed freely after the release date given at the top of the\n text, provided that redistributed copies are complete and unmodified,\n including all date and version information. \n\n ----------------------------------------------------------------------\n-----BEGIN PGP SIGNATURE-----\nComment: PGP Signed by Sharad Ahlawat, Cisco Systems PSIRT\n\niD8DBQFAWFvZezGozzK2tZARAqIwAKDXDMLAY6eDYyU8y1MhKZUto2SRxwCg+oid\n7AhsNlLsNVSLwTRKTHSigu0=\n=gtba\n-----END PGP SIGNATURE-----\n. Any\napplication that makes use of OpenSSL\u0027s SSL/TLS library may be\naffected. Any application that makes use of OpenSSL\u0027s SSL/TLS library\nmay be affected. \n\nRecommendations\n---------------\n\nUpgrade to OpenSSL 0.9.7d or 0.9.6m. Recompile any OpenSSL applications\nstatically linked to OpenSSL libraries. \n\nOpenSSL 0.9.7d and OpenSSL 0.9.6m are available for download via HTTP and\nFTP from the following master locations (you can find the various FTP\nmirrors under http://www.openssl.org/source/mirror.html):\n\n ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n o openssl-0.9.7d.tar.gz\n MD5 checksum: 1b49e90fc8a75c3a507c0a624529aca5\n \n o openssl-0.9.6m.tar.gz [normal]\n MD5 checksum: 1b63bfdca1c37837dddde9f1623498f9\n o openssl-engine-0.9.6m.tar.gz [engine]\n MD5 checksum: 4c39d2524bd466180f9077f8efddac8c\n\nThe checksums were calculated using the following command:\n\n openssl md5 openssl-0.9*.tar.gz\n\nCredits\n-------\n\nPatches for these issues were created by Dr Stephen Henson\n(steve@openssl.org) of the OpenSSL core team. The OpenSSL team would\nlike to thank Codenomicon for supplying the TLS Test Tool which was\nused to discover these vulnerabilities, and Joe Orton of Red Hat for\nperforming the majority of the testing. \n\nReferences\n----------\n\nhttp://www.codenomicon.com/testtools/tls/\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112\n\nURL for this Security Advisory:\nhttp://www.openssl.org/news/secadv_20040317.txt\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0079"
},
{
"db": "CERT/CC",
"id": "VU#288574"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000086"
},
{
"db": "CNVD",
"id": "CNVD-2004-0791"
},
{
"db": "BID",
"id": "9899"
},
{
"db": "BID",
"id": "14567"
},
{
"db": "BID",
"id": "13139"
},
{
"db": "VULHUB",
"id": "VHN-8509"
},
{
"db": "PACKETSTORM",
"id": "32887"
},
{
"db": "PACKETSTORM",
"id": "32886"
}
],
"trust": 3.96
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-8509",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-8509"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2004-0079",
"trust": 4.2
},
{
"db": "CERT/CC",
"id": "VU#288574",
"trust": 3.3
},
{
"db": "BID",
"id": "9899",
"trust": 2.8
},
{
"db": "USCERT",
"id": "TA04-078A",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "17398",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "18247",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "11139",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "17381",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "17401",
"trust": 1.7
},
{
"db": "XF",
"id": "15505",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1009458",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000086",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200411-124",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2004-0791",
"trust": 0.6
},
{
"db": "BID",
"id": "14567",
"trust": 0.3
},
{
"db": "BID",
"id": "13139",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "32886",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "32887",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-8509",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#288574"
},
{
"db": "CNVD",
"id": "CNVD-2004-0791"
},
{
"db": "VULHUB",
"id": "VHN-8509"
},
{
"db": "BID",
"id": "9899"
},
{
"db": "BID",
"id": "14567"
},
{
"db": "BID",
"id": "13139"
},
{
"db": "PACKETSTORM",
"id": "32887"
},
{
"db": "PACKETSTORM",
"id": "32886"
},
{
"db": "CNNVD",
"id": "CNNVD-200411-124"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000086"
},
{
"db": "NVD",
"id": "CVE-2004-0079"
}
]
},
"id": "VAR-200411-0172",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-8509"
}
],
"trust": 0.52271296
},
"last_update_date": "2026-03-09T20:53:02.960000Z",
"patch": {
"_id": null,
"data": [
{
"title": "openssl",
"trust": 0.8,
"url": "http://www.checkpoint.com/services/techsupport/alerts/openssl.html"
},
{
"title": "cisco-sa-20040317-openssl",
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"title": "HPSBMA01037",
"trust": 0.8,
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c01007278"
},
{
"title": "HPSBUX01019",
"trust": 0.8,
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00944046"
},
{
"title": "HPSBUX01011",
"trust": 0.8,
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00897351"
},
{
"title": "HPSBUX01019",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX01019.html"
},
{
"title": "HPSBUX01011",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX01011.html"
},
{
"title": "NetScreen Advisory 58466",
"trust": 0.8,
"url": "http://www.juniper.net/support/security/alerts/adv58466-2.txt"
},
{
"title": "openssl096",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/update/list.php?errata_id=155"
},
{
"title": "AXSA-2005-129:1",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/update/list.php?errata_id=210"
},
{
"title": "NetBSD-SA2004-005",
"trust": 0.8,
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
},
{
"title": "016: RELIABILITY FIX: March 17, 2004",
"trust": 0.8,
"url": "http://www.openbsd.org/errata34.html#openssl"
},
{
"title": "secadv_20040317",
"trust": 0.8,
"url": "http://www.openssl.org/news/secadv_20040317.txt"
},
{
"title": "RHSA-2005:830",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2005-830.html"
},
{
"title": "RHSA-2005:829",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2005-829.html"
},
{
"title": "RHSA-2004:120",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2004-120.html"
},
{
"title": "RHSA-2004:121",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2004-121.html"
},
{
"title": "57524",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57524-1"
},
{
"title": "57571",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57571-1"
},
{
"title": "57571",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57571-3"
},
{
"title": "57524",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57524-3"
},
{
"title": "4 Apache Security Update 2.0.1",
"trust": 0.8,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq4.eng"
},
{
"title": "19387",
"trust": 0.8,
"url": "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionID=19387"
},
{
"title": "TLSA-2004-9",
"trust": 0.8,
"url": "http://www.turbolinux.com/security/2004/TLSA-2004-9.txt"
},
{
"title": "OpenSSL \u306b\u95a2\u3059\u308b\u8106\u5f31\u6027",
"trust": 0.8,
"url": "http://www.checkpoint.co.jp/techsupport/alerts/openssl.html"
},
{
"title": "RHSA-2004:120",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2004-120J.html"
},
{
"title": "RHSA-2005:830",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2005-830J.html"
},
{
"title": "RHSA-2005:829",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2005-829J.html"
},
{
"title": "openssl \u306b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30db\u30fc\u30eb",
"trust": 0.8,
"url": "http://vinelinux.org/errata/25x/20040319-1.html"
},
{
"title": "TLSA-2004-9",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2004/TLSA-2004-9j.txt"
},
{
"title": "IPCOM\u30b7\u30ea\u30fc\u30ba\u306eOpenSSL\u8106\u5f31\u6027\u3078\u306e\u5bfe\u5fdc\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://primeserver.fujitsu.com/ipcom/support/security20040325/"
},
{
"title": "[\u91cd\u8981] OpenSSL\u8106\u5f31\u6027\u3078\u306e\u5bfe\u5fdc\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://jp.fujitsu.com/support/security/backnumber/2004/0325/"
},
{
"title": "224012",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/cert/niscc.html#224012-OpenSSL"
},
{
"title": "OpenSSL Repair measures for denial of service attack vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=169017"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200411-124"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000086"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-476",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0079"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.7,
"url": "http://www.openssl.org/news/secadv_20040317.txt"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/9899"
},
{
"trust": 2.5,
"url": "http://www.us-cert.gov/cas/techalerts/ta04-078a.html"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/288574"
},
{
"trust": 2.5,
"url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
},
{
"trust": 2.1,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"trust": 2.0,
"url": "http://support.avaya.com/elmodocs2/security/asa-2005-239.htm"
},
{
"trust": 1.8,
"url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2005/aug/msg00000.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2005//aug/msg00001.html"
},
{
"trust": 1.7,
"url": "http://docs.info.apple.com/article.html?artnum=61798"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2004/dsa-465"
},
{
"trust": 1.7,
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
},
{
"trust": 1.7,
"url": "http://fedoranews.org/updates/fedora-2004-095.shtml"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-october/msg00087.html"
},
{
"trust": 1.7,
"url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2004:023"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a2621"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5770"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a870"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a975"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9779"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2004-120.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2004-121.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2004-139.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2005-829.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2005-830.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/11139"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/17381"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/17398"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/17401"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/18247"
},
{
"trust": 1.7,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
},
{
"trust": 1.7,
"url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
},
{
"trust": 1.7,
"url": "http://www.trustix.org/errata/2004/0012"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
},
{
"trust": 1.6,
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
},
{
"trust": 1.6,
"url": "http://support.lexmark.com/index?page=content\u0026id=te88\u0026locale=en\u0026userlocale=en_us"
},
{
"trust": 1.6,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-1204.txt"
},
{
"trust": 1.1,
"url": "ftp://ftp.freebsd.org/pub/freebsd/cert/advisories/freebsd-sa-04:05.openssl.asc"
},
{
"trust": 1.1,
"url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2004-005.txt.asc"
},
{
"trust": 1.1,
"url": "ftp://ftp.sco.com/pub/updates/openserver/scosa-2004.10/scosa-2004.10.txt"
},
{
"trust": 0.8,
"url": "http://www.openssl.org"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0079"
},
{
"trust": 0.8,
"url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20040317-00389.xml"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/15505"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2004/wr041801.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2004/wr041201.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2004/wr041301.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2004/wr041701.txt"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta04-078a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/niscc/niscc-224012/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta04-078a"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0079"
},
{
"trust": 0.8,
"url": "http://www.cpni.gov.uk/docs/re-20040317-00389.pdf?lang=en"
},
{
"trust": 0.8,
"url": "http://www.securiteam.com/securitynews/5op0g20caa.html"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/alerts/2004/mar/1009458.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/20040318_082932.html"
},
{
"trust": 0.6,
"url": "https://rhn.redhat.com/errata/rhsa-2004-119.html"
},
{
"trust": 0.6,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57524"
},
{
"trust": 0.3,
"url": "http://www.4d.com/products/4dwsv.html"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/japple/css/japple?page=avaya.css.openpage\u0026temp.template.name=securityadvisory"
},
{
"trust": 0.3,
"url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000827"
},
{
"trust": 0.3,
"url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000834"
},
{
"trust": 0.3,
"url": "ftp://ftp.symantec.com/public/english_us_canada/products/sym_clientless_vpn/sym_clientless_vpn_5/updates/hf1-readme.txt"
},
{
"trust": 0.3,
"url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1256"
},
{
"trust": 0.3,
"url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1257"
},
{
"trust": 0.3,
"url": "http://www.netscreen.com/services/security/alerts/adv58466-signed.txt"
},
{
"trust": 0.3,
"url": "http://www.stonesoft.com/document/art/3123.html"
},
{
"trust": 0.3,
"url": "http://www.checkpoint.com/techsupport/alerts/openssl.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2004-120.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2004-139.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2005-830.html"
},
{
"trust": 0.3,
"url": "http://www.bluecoat.com/support/knowledge/advisory_openssl_can-2004-0079.html"
},
{
"trust": 0.3,
"url": "http://www.apple.com/support/downloads/securityupdate_2004-04-05_(10_3_3).html"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968981.htm"
},
{
"trust": 0.3,
"url": "http://www.securecomputing.com/pdf/52110relnotes.pdf"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57571"
},
{
"trust": 0.3,
"url": "http://www.tarantella.com/security/bulletin-10.html"
},
{
"trust": 0.3,
"url": "http://www.adiscon.com/common/en/advisory/2004-03-18.asp"
},
{
"trust": 0.3,
"url": "http://www.litespeedtech.com"
},
{
"trust": 0.3,
"url": "/archive/1/357672"
},
{
"trust": 0.3,
"url": "http://www.info.apple.com/usen/security/security_updates.html"
},
{
"trust": 0.3,
"url": "http://www.suresec.org/advisories/adv5.pdf"
},
{
"trust": 0.3,
"url": "http://www.apple.com"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/index.html"
},
{
"trust": 0.3,
"url": "http://www.peoplesoft.com:80/corp/en/support/security_index.jsp"
},
{
"trust": 0.3,
"url": "/archive/1/395699"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0079"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0112"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=107953412903636\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026amp;anuncio=000834"
},
{
"trust": 0.1,
"url": "http://support.lexmark.com/index?page=content\u0026amp;id=te88\u0026amp;locale=en\u0026amp;userlocale=en_us"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=108403806509920\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026amp;y=2004\u0026amp;m=slackware-security.455961"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml."
},
{
"trust": 0.1,
"url": "http://www.cisco.com/public/sw-license-agreement.html,"
},
{
"trust": 0.1,
"url": "https://ip_address_of_device/."
},
{
"trust": 0.1,
"url": "http://www.cisco.com/univercd/cc/td/doc/cisintwk/."
},
{
"trust": 0.1,
"url": "http://www.cisco.com/tacpage/sw-center."
},
{
"trust": 0.1,
"url": "http://www.cisco.com/warp/public/707/sec_incident_response.shtml."
},
{
"trust": 0.1,
"url": "http://www.cisco.com/go/psirt."
},
{
"trust": 0.1,
"url": "http://www.cisco.com/warp/public/687/directory/dirtac.shtml"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/public/sw-center/sw-usingswc.shtml."
},
{
"trust": 0.1,
"url": "http://www.codenomicon.com/testtools/tls/"
},
{
"trust": 0.1,
"url": "http://www.openssl.org/source/mirror.html):"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-0112"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-0079"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#288574"
},
{
"db": "VULHUB",
"id": "VHN-8509"
},
{
"db": "BID",
"id": "9899"
},
{
"db": "BID",
"id": "14567"
},
{
"db": "BID",
"id": "13139"
},
{
"db": "PACKETSTORM",
"id": "32887"
},
{
"db": "PACKETSTORM",
"id": "32886"
},
{
"db": "CNNVD",
"id": "CNNVD-200411-124"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000086"
},
{
"db": "NVD",
"id": "CVE-2004-0079"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#288574",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2004-0791",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-8509",
"ident": null
},
{
"db": "BID",
"id": "9899",
"ident": null
},
{
"db": "BID",
"id": "14567",
"ident": null
},
{
"db": "BID",
"id": "13139",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "32887",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "32886",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200411-124",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000086",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2004-0079",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2004-03-17T00:00:00",
"db": "CERT/CC",
"id": "VU#288574",
"ident": null
},
{
"date": "2004-03-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2004-0791",
"ident": null
},
{
"date": "2004-11-23T00:00:00",
"db": "VULHUB",
"id": "VHN-8509",
"ident": null
},
{
"date": "2004-03-17T00:00:00",
"db": "BID",
"id": "9899",
"ident": null
},
{
"date": "2005-08-15T00:00:00",
"db": "BID",
"id": "14567",
"ident": null
},
{
"date": "2005-04-12T00:00:00",
"db": "BID",
"id": "13139",
"ident": null
},
{
"date": "2004-03-17T15:44:08",
"db": "PACKETSTORM",
"id": "32887",
"ident": null
},
{
"date": "2004-03-17T14:36:13",
"db": "PACKETSTORM",
"id": "32886",
"ident": null
},
{
"date": "2003-07-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200411-124",
"ident": null
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000086",
"ident": null
},
{
"date": "2004-11-23T05:00:00",
"db": "NVD",
"id": "CVE-2004-0079",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2004-03-26T00:00:00",
"db": "CERT/CC",
"id": "VU#288574",
"ident": null
},
{
"date": "2004-03-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2004-0791",
"ident": null
},
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-8509",
"ident": null
},
{
"date": "2015-03-19T08:20:00",
"db": "BID",
"id": "9899",
"ident": null
},
{
"date": "2006-05-05T23:10:00",
"db": "BID",
"id": "14567",
"ident": null
},
{
"date": "2006-05-05T23:30:00",
"db": "BID",
"id": "13139",
"ident": null
},
{
"date": "2021-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200411-124",
"ident": null
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000086",
"ident": null
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2004-0079",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "network",
"sources": [
{
"db": "BID",
"id": "9899"
},
{
"db": "BID",
"id": "14567"
},
{
"db": "BID",
"id": "13139"
}
],
"trust": 0.9
},
"title": {
"_id": null,
"data": "OpenSSL contains null-pointer assignment in do_change_cipher_spec() function",
"sources": [
{
"db": "CERT/CC",
"id": "VU#288574"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "9899"
},
{
"db": "BID",
"id": "14567"
},
{
"db": "BID",
"id": "13139"
}
],
"trust": 0.9
}
}
VAR-202506-0320
Vulnerability from variot - Updated: 2025-06-19 23:23A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC18 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Remote attackers can use this vulnerability to submit special requests and execute arbitrary code in the context of the application
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202506-0320",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ac18",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "15.03.05.05"
},
{
"model": "ac18",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "ac18",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "ac18",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "ac18 firmware 15.03.05.05"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12408"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-007208"
},
{
"db": "NVD",
"id": "CVE-2025-5609"
}
]
},
"cve": "CVE-2025-5609",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "cna@vuldb.com",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2025-5609",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "OTHER",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2025-007208",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2025-12408",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2025-5609",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2025-007208",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "cna@vuldb.com",
"id": "CVE-2025-5609",
"trust": 1.0,
"value": "High"
},
{
"author": "OTHER",
"id": "JVNDB-2025-007208",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-12408",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12408"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-007208"
},
{
"db": "NVD",
"id": "CVE-2025-5609"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC18 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Remote attackers can use this vulnerability to submit special requests and execute arbitrary code in the context of the application",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-5609"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-007208"
},
{
"db": "CNVD",
"id": "CNVD-2025-12408"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-5609",
"trust": 3.2
},
{
"db": "VULDB",
"id": "311095",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2025-007208",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-12408",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12408"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-007208"
},
{
"db": "NVD",
"id": "CVE-2025-5609"
}
]
},
"id": "VAR-202506-0320",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12408"
}
],
"trust": 1.00125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12408"
}
]
},
"last_update_date": "2025-06-19T23:23:48.079000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Tenda AC18 /goform/AdvSetLanip handles lanMask parameter buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/697201"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12408"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.0
},
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Buffer error (CWE-119) [ others ]",
"trust": 0.8
},
{
"problemtype": " Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Classic buffer overflow (CWE-120) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-007208"
},
{
"db": "NVD",
"id": "CVE-2025-5609"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://lavender-bicycle-a5a.notion.site/tenda-ac18-fromadvsetlanip-20653a41781f800fbc7bf9ca193c08e3?source=copy_link"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?id.311095"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?submit.588936"
},
{
"trust": 1.8,
"url": "https://www.tenda.com.cn/"
},
{
"trust": 1.0,
"url": "https://vuldb.com/?ctiid.311095"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-5609"
},
{
"trust": 0.6,
"url": "https://lavender-bicycle-a5a.notion.site/tenda-ac18-fromadvsetlanip-20653a41781f800fbc7bf9ca193c08e3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12408"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-007208"
},
{
"db": "NVD",
"id": "CVE-2025-5609"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-12408"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-007208"
},
{
"db": "NVD",
"id": "CVE-2025-5609"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12408"
},
{
"date": "2025-06-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-007208"
},
{
"date": "2025-06-04T20:15:25.030000",
"db": "NVD",
"id": "CVE-2025-5609"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12408"
},
{
"date": "2025-06-18T07:24:00",
"db": "JVNDB",
"id": "JVNDB-2025-007208"
},
{
"date": "2025-06-17T20:41:04.957000",
"db": "NVD",
"id": "CVE-2025-5609"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC18\u00a0 Buffer error vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-007208"
}
],
"trust": 0.8
}
}
VAR-201208-0268
Vulnerability from variot - Updated: 2025-04-11 23:12Unspecified vulnerability in Hitachi Cobol GUI Option 06-00, 06-01 through 06-01-/A, 07-00, 07-01 before 07-01-/B, and 08-00 before 08-00-/B and Cobol GUI Option Server 07-00, 07-01 before 07-01-/B, and 08-00 before 08-00-/B allows remote attackers to execute arbitrary code via unknown attack vectors. This problem does not occur when only the following runtime products are solely used. HITACHI COBOL is an integrated development environment. No detailed details are provided at this time. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Hitachi COBOL GUI Run Time System Code Execution Vulnerability
SECUNIA ADVISORY ID: SA49158
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49158/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49158
RELEASE DATE: 2012-05-14
DISCUSS ADVISORY: http://secunia.com/advisories/49158/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/49158/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49158
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Hitachi COBOL GUI Run Time System and Hitachi COBOL Server GUI Run Time System, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an unspecified error. No further information is currently available.
The vulnerability is reported in versions 06-00, 06-01 through 06-01-/A, 07-00, 07-01 through 07-01-/A, and 08-00 through 08-00-/A.
SOLUTION: Update or upgrade to version 07-01-/B or 08-00-/B.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: HS12-013: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-013/index.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201208-0268",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cobol gui option server",
"scope": "eq",
"trust": 1.9,
"vendor": "hitachi",
"version": "08-00"
},
{
"model": "cobol gui option server",
"scope": "eq",
"trust": 1.9,
"vendor": "hitachi",
"version": "07-01"
},
{
"model": "cobol gui option server",
"scope": "eq",
"trust": 1.9,
"vendor": "hitachi",
"version": "07-00"
},
{
"model": "cobol gui option",
"scope": "eq",
"trust": 1.9,
"vendor": "hitachi",
"version": "08-00"
},
{
"model": "cobol gui option",
"scope": "eq",
"trust": 1.9,
"vendor": "hitachi",
"version": "07-01"
},
{
"model": "cobol gui option",
"scope": "eq",
"trust": 1.9,
"vendor": "hitachi",
"version": "07-00"
},
{
"model": "cobol gui option server",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "07-01\\/a"
},
{
"model": "cobol gui option",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "08-00\\/a"
},
{
"model": "cobol gui option server",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "08-00\\/a"
},
{
"model": "cobol gui option",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "06-01\\/a"
},
{
"model": "cobol gui option",
"scope": "eq",
"trust": 1.3,
"vendor": "hitachi",
"version": "06-01"
},
{
"model": "cobol gui option",
"scope": "eq",
"trust": 1.3,
"vendor": "hitachi",
"version": "06-00"
},
{
"model": "cobol gui option",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "07-01\\/a"
},
{
"model": "cobol gui server run time system",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-01"
},
{
"model": "cobol gui server run time system",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "08-00"
},
{
"model": "cobol gui server run time system 08-00-/a",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol gui server run time system",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-00"
},
{
"model": "cobol gui server run time system 07-01-/a",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol gui run time system",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-00"
},
{
"model": "cobol gui run time system",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-01"
},
{
"model": "cobol gui run time system 07-01-/a",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol gui run time system",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "08-00"
},
{
"model": "cobol gui run time system 08-00-/a",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol gui option",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(windows)"
},
{
"model": "cobol gui option",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "server (windows)"
},
{
"model": "cobol gui option",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "server version 7 (windows)"
},
{
"model": "cobol gui option",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6 (windows)"
},
{
"model": "cobol gui option",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 7 (windows)"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "cobol gui server run time system 08-00-/b",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol gui server run time system 07-01-/b",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol gui run time system 08-00-/b",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "cobol gui run time system 07-01-/b",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-8815"
},
{
"db": "CNVD",
"id": "CNVD-2012-2534"
},
{
"db": "BID",
"id": "78127"
},
{
"db": "BID",
"id": "53506"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002377"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-179"
},
{
"db": "NVD",
"id": "CVE-2012-4274"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:hitachi:cobol_gui_option",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002377"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "78127"
}
],
"trust": 0.3
},
"cve": "CVE-2012-4274",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2012-4274",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "VENDOR",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2012-002377",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2012-8815",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-4274",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VENDOR",
"id": "JVNDB-2012-002377",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2012-8815",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201208-179",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-8815"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002377"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-179"
},
{
"db": "NVD",
"id": "CVE-2012-4274"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in Hitachi Cobol GUI Option 06-00, 06-01 through 06-01-/A, 07-00, 07-01 before 07-01-/B, and 08-00 before 08-00-/B and Cobol GUI Option Server 07-00, 07-01 before 07-01-/B, and 08-00 before 08-00-/B allows remote attackers to execute arbitrary code via unknown attack vectors. This problem does not occur when only the following runtime products are solely used. HITACHI COBOL is an integrated development environment. No detailed details are provided at this time. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi COBOL GUI Run Time System Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA49158\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49158/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49158\n\nRELEASE DATE:\n2012-05-14\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49158/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49158/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49158\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Hitachi COBOL GUI Run Time\nSystem and Hitachi COBOL Server GUI Run Time System, which can be\nexploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an unspecified error. No further\ninformation is currently available. \n\nThe vulnerability is reported in versions 06-00, 06-01 through\n06-01-/A, 07-00, 07-01 through 07-01-/A, and 08-00 through 08-00-/A. \n\nSOLUTION:\nUpdate or upgrade to version 07-01-/B or 08-00-/B. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nHS12-013:\nhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-013/index.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4274"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002377"
},
{
"db": "CNVD",
"id": "CNVD-2012-8815"
},
{
"db": "CNVD",
"id": "CNVD-2012-2534"
},
{
"db": "BID",
"id": "78127"
},
{
"db": "BID",
"id": "53506"
},
{
"db": "PACKETSTORM",
"id": "112713"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4274",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "49158",
"trust": 2.4
},
{
"db": "HITACHI",
"id": "HS12-013",
"trust": 2.3
},
{
"db": "BID",
"id": "53506",
"trust": 1.5
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002377",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2012-8815",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2012-2534",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201205-230",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201208-179",
"trust": 0.6
},
{
"db": "BID",
"id": "78127",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "112713",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-8815"
},
{
"db": "CNVD",
"id": "CNVD-2012-2534"
},
{
"db": "BID",
"id": "78127"
},
{
"db": "BID",
"id": "53506"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002377"
},
{
"db": "PACKETSTORM",
"id": "112713"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-230"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-179"
},
{
"db": "NVD",
"id": "CVE-2012-4274"
}
]
},
"id": "VAR-201208-0268",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-8815"
},
{
"db": "CNVD",
"id": "CNVD-2012-2534"
}
],
"trust": 1.95
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-8815"
},
{
"db": "CNVD",
"id": "CNVD-2012-2534"
}
]
},
"last_update_date": "2025-04-11T23:12:07.367000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HS12-013",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-013/index.html"
},
{
"title": "Patch for Hitachi COBOL GUI Run Time System Unknown Remote Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/36009"
},
{
"title": "Patch for Hitachi COBOL GUI Run Time System code execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/16955"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-8815"
},
{
"db": "CNVD",
"id": "CNVD-2012-2534"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002377"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4274"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs12-013/index.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/49158"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/53506"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4274"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4274"
},
{
"trust": 0.7,
"url": "http://secunia.com/advisories/49158/"
},
{
"trust": 0.3,
"url": "http://www.hitachi.com"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49158/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49158"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-8815"
},
{
"db": "CNVD",
"id": "CNVD-2012-2534"
},
{
"db": "BID",
"id": "78127"
},
{
"db": "BID",
"id": "53506"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002377"
},
{
"db": "PACKETSTORM",
"id": "112713"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-230"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-179"
},
{
"db": "NVD",
"id": "CVE-2012-4274"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2012-8815"
},
{
"db": "CNVD",
"id": "CNVD-2012-2534"
},
{
"db": "BID",
"id": "78127"
},
{
"db": "BID",
"id": "53506"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002377"
},
{
"db": "PACKETSTORM",
"id": "112713"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-230"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-179"
},
{
"db": "NVD",
"id": "CVE-2012-4274"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-05-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-8815"
},
{
"date": "2012-05-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-2534"
},
{
"date": "2012-08-13T00:00:00",
"db": "BID",
"id": "78127"
},
{
"date": "2012-05-14T00:00:00",
"db": "BID",
"id": "53506"
},
{
"date": "2012-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002377"
},
{
"date": "2012-05-14T07:11:25",
"db": "PACKETSTORM",
"id": "112713"
},
{
"date": "2012-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-230"
},
{
"date": "2012-08-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-179"
},
{
"date": "2012-08-13T22:55:01.630000",
"db": "NVD",
"id": "CVE-2012-4274"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-05-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-8815"
},
{
"date": "2012-05-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-2534"
},
{
"date": "2012-08-13T00:00:00",
"db": "BID",
"id": "78127"
},
{
"date": "2012-05-14T00:00:00",
"db": "BID",
"id": "53506"
},
{
"date": "2012-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002377"
},
{
"date": "2012-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-230"
},
{
"date": "2012-08-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-179"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-4274"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201205-230"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-179"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hitachi COBOL GUI Run Time System Unknown Remote Code Execution Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-8815"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-230"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Failure to Handle Exceptional Conditions",
"sources": [
{
"db": "BID",
"id": "78127"
}
],
"trust": 0.3
}
}
VAR-200611-0508
Vulnerability from variot - Updated: 2025-04-10 23:25Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G132 wireless adapter allows remote attackers to execute arbitrary code via a 802.11 beacon request with a long Rates information element (IE). D-LINK DWL-G132 is a high performance 802.11g wireless network card.
D-Link DWL-G132 wireless network card A5AGU.SYS driver has a stack overflow vulnerability. A remote attacker may use this vulnerability to execute arbitrary instructions on the user's machine. Because the overflow is triggered by a beacon frame, all network cards in the attack range are affected. The D-Link Wireless Device Driver for DWL-G132 devices is prone to a stack-based buffer-overflow vulnerability because the driver fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. Exploiting this issue allows attackers to execute arbitrary machine code in the context of the kernel hosting the vulnerable driver. Failed attempts will likely crash the kernel, resulting in denial-of-service conditions. The ASAGU.SYS driver is primarily used on the Microsoft Window operating system. Note, however, that Linux and BSD machines using the 'ndiswrapper' tool should determine if they are using a vulnerable instance of the driver. Note also that this vulnerability can be exploited only when an attacker is within the range of broadcast of 802.11 wireless connections. Version 1.0.1.41 of the ASAGU.SYS driver is reported vulnerable; other versions may also be affected.
To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German.
The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios.
This includes: * Reason for rating * Extended description * Extended solution * Exploit code or links to exploit code * Deep links
Read the full description: http://corporate.secunia.com/products/48/?r=l
Contact Secunia Sales for more information: http://corporate.secunia.com/how_to_buy/15/?r=l
TITLE: D-Link DWL-G132 Wireless Driver Beacon Rates Buffer Overflow
SECUNIA ADVISORY ID: SA22860
VERIFY ADVISORY: http://secunia.com/advisories/22860/
CRITICAL: Moderately critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: D-Link Wireless USB Network Adapter Driver 1.x http://secunia.com/product/12585/
DESCRIPTION: H D Moore has reported a vulnerability in D-Link DWL-G132 Wireless driver, which can be exploited by malicious people to compromise a vulnerable system. This can be exploited to cause a stack-based buffer overflow via a specially crafted packet.
PROVIDED AND/OR DISCOVERED BY: H D Moore
ORIGINAL ADVISORY: http://projects.info-pull.com/mokb/MOKB-13-11-2006.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200611-0508",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dwl-g132",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dwl-g132",
"scope": "eq",
"trust": 1.0,
"vendor": "d link",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "dwl-g132",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "0"
},
{
"model": "asagu.sys",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "1.0.1.41"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-8432"
},
{
"db": "BID",
"id": "21032"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001595"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-334"
},
{
"db": "NVD",
"id": "CVE-2006-6055"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:d-link:dwl-g132",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001595"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "H D Moore \u003chdm@metasploit.com\u003e is credited with the discovery of this vulnerability. Assistance was provided by Matt Miller \u003cmmiller@hick.org\u003e, Johnny Cache \u003cjohnnycsh@802.11mercenary.net\u003e, and LMH \u003clmh@info-pull.com\u003e.",
"sources": [
{
"db": "BID",
"id": "21032"
}
],
"trust": 0.3
},
"cve": "CVE-2006-6055",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2006-6055",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-22163",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-6055",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2006-6055",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200611-334",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-22163",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2006-6055",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-22163"
},
{
"db": "VULMON",
"id": "CVE-2006-6055"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001595"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-334"
},
{
"db": "NVD",
"id": "CVE-2006-6055"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G132 wireless adapter allows remote attackers to execute arbitrary code via a 802.11 beacon request with a long Rates information element (IE). D-LINK DWL-G132 is a high performance 802.11g wireless network card. \n\n\u00a0D-Link DWL-G132 wireless network card A5AGU.SYS driver has a stack overflow vulnerability. A remote attacker may use this vulnerability to execute arbitrary instructions on the user\u0027s machine. Because the overflow is triggered by a beacon frame, all network cards in the attack range are affected. The D-Link Wireless Device Driver for DWL-G132 devices is prone to a stack-based buffer-overflow vulnerability because the driver fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. \nExploiting this issue allows attackers to execute arbitrary machine code in the context of the kernel hosting the vulnerable driver. Failed attempts will likely crash the kernel, resulting in denial-of-service conditions. \nThe ASAGU.SYS driver is primarily used on the Microsoft Window operating system. Note, however, that Linux and BSD machines using the \u0027ndiswrapper\u0027 tool should determine if they are using a vulnerable instance of the driver. \nNote also that this vulnerability can be exploited only when an attacker is within the range of broadcast of 802.11 wireless connections. \nVersion 1.0.1.41 of the ASAGU.SYS driver is reported vulnerable; other versions may also be affected. \n\n----------------------------------------------------------------------\n\nTo improve our services to our customers, we have made a number of\nadditions to the Secunia Advisories and have started translating the\nadvisories to German. \n\nThe improvements will help our customers to get a better\nunderstanding of how we reached our conclusions, how it was rated,\nour thoughts on exploitation, attack vectors, and scenarios. \n\nThis includes:\n* Reason for rating\n* Extended description\n* Extended solution\n* Exploit code or links to exploit code\n* Deep links\n\nRead the full description:\nhttp://corporate.secunia.com/products/48/?r=l\n\nContact Secunia Sales for more information:\nhttp://corporate.secunia.com/how_to_buy/15/?r=l\n\n----------------------------------------------------------------------\n\nTITLE:\nD-Link DWL-G132 Wireless Driver Beacon Rates Buffer Overflow\n\nSECUNIA ADVISORY ID:\nSA22860\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/22860/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nD-Link Wireless USB Network Adapter Driver 1.x\nhttp://secunia.com/product/12585/\n\nDESCRIPTION:\nH D Moore has reported a vulnerability in D-Link DWL-G132 Wireless\ndriver, which can be exploited by malicious people to compromise a\nvulnerable system. This can be exploited to\ncause a stack-based buffer overflow via a specially crafted packet. \n\nPROVIDED AND/OR DISCOVERED BY:\nH D Moore\n\nORIGINAL ADVISORY:\nhttp://projects.info-pull.com/mokb/MOKB-13-11-2006.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-6055"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001595"
},
{
"db": "CNVD",
"id": "CNVD-2006-8432"
},
{
"db": "BID",
"id": "21032"
},
{
"db": "VULHUB",
"id": "VHN-22163"
},
{
"db": "VULMON",
"id": "CVE-2006-6055"
},
{
"db": "PACKETSTORM",
"id": "52061"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-22163",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=2771",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-22163"
},
{
"db": "VULMON",
"id": "CVE-2006-6055"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-6055",
"trust": 3.5
},
{
"db": "BID",
"id": "21032",
"trust": 2.1
},
{
"db": "SECUNIA",
"id": "22860",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1017215",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2006-4488",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001595",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200611-334",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2006-8432",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "2771",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-70903",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-22163",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2006-6055",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "52061",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-8432"
},
{
"db": "VULHUB",
"id": "VHN-22163"
},
{
"db": "VULMON",
"id": "CVE-2006-6055"
},
{
"db": "BID",
"id": "21032"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001595"
},
{
"db": "PACKETSTORM",
"id": "52061"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-334"
},
{
"db": "NVD",
"id": "CVE-2006-6055"
}
]
},
"id": "VAR-200611-0508",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-8432"
},
{
"db": "VULHUB",
"id": "VHN-22163"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-8432"
}
]
},
"last_update_date": "2025-04-10T23:25:12.081000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.dlink.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001595"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-6055"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://projects.info-pull.com/mokb/mokb-13-11-2006.html"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/21032"
},
{
"trust": 1.8,
"url": "http://securitytracker.com/id?1017215"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/22860"
},
{
"trust": 1.2,
"url": "http://www.vupen.com/english/advisories/2006/4488"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6055"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6055"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/4488"
},
{
"trust": 0.3,
"url": "http://www.dlink.com/products/?pid=358"
},
{
"trust": 0.3,
"url": "http://uninformed.org/index.cgi?v=6\u0026a=2"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/2771/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/22860/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/products/48/?r=l"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/12585/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/how_to_buy/15/?r=l"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-22163"
},
{
"db": "VULMON",
"id": "CVE-2006-6055"
},
{
"db": "BID",
"id": "21032"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001595"
},
{
"db": "PACKETSTORM",
"id": "52061"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-334"
},
{
"db": "NVD",
"id": "CVE-2006-6055"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2006-8432"
},
{
"db": "VULHUB",
"id": "VHN-22163"
},
{
"db": "VULMON",
"id": "CVE-2006-6055"
},
{
"db": "BID",
"id": "21032"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001595"
},
{
"db": "PACKETSTORM",
"id": "52061"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-334"
},
{
"db": "NVD",
"id": "CVE-2006-6055"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-11-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-8432"
},
{
"date": "2006-11-22T00:00:00",
"db": "VULHUB",
"id": "VHN-22163"
},
{
"date": "2006-11-22T00:00:00",
"db": "VULMON",
"id": "CVE-2006-6055"
},
{
"date": "2006-11-13T00:00:00",
"db": "BID",
"id": "21032"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001595"
},
{
"date": "2006-11-16T03:19:38",
"db": "PACKETSTORM",
"id": "52061"
},
{
"date": "2006-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200611-334"
},
{
"date": "2006-11-22T01:07:00",
"db": "NVD",
"id": "CVE-2006-6055"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-11-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-8432"
},
{
"date": "2011-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-22163"
},
{
"date": "2011-03-08T00:00:00",
"db": "VULMON",
"id": "CVE-2006-6055"
},
{
"date": "2016-07-06T13:33:00",
"db": "BID",
"id": "21032"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001595"
},
{
"date": "2006-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200611-334"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2006-6055"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200611-334"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DWL-G132 Wireless adapter A5AGU.SYS Vulnerable to stack-based buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001595"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200611-334"
}
],
"trust": 0.6
}
}
VAR-200612-0248
Vulnerability from variot - Updated: 2025-04-10 23:24Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2) Filter argument. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. ICONICS is a professional company that provides OPC-based visualization software. Failed attempts can crash the host application. Versions prior to DlgWrapper.dll 8.4.166.0 are affected.
Secunia is proud to announce the availability of the Secunia Software Inspector.
The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. visits a malicious website.
The vulnerability is confirmed in ICONICS Vessel ActiveX 8.02.140 including DlgWrapper.dll 8.0.138.0.
SOLUTION: Update to DlgWrapper.dll 8.4.166.0 by applying the hotfix: http://www.iconics.com/support/free_tools/FreeToolsActiveX_DlgWrapperHotFix.zip
PROVIDED AND/OR DISCOVERED BY: Will Dormann
ORIGINAL ADVISORY: US-CERT VU#251969: http://www.kb.cert.org/vuls/id/251969
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200612-0248",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dialog wrapper module activex control",
"scope": "lte",
"trust": 1.0,
"vendor": "iconics",
"version": "8.4.165.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "iconics",
"version": null
},
{
"model": "dialog wrapper module activex control",
"scope": "lt",
"trust": 0.8,
"vendor": "iconics",
"version": "8.4.166.0"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "dialog wrapper module activex control",
"scope": "eq",
"trust": 0.6,
"vendor": "iconics",
"version": "8.4.165.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "dialog wrapper module activex control",
"version": "*"
},
{
"model": "vessel/gauge/switch activex control",
"scope": "eq",
"trust": 0.3,
"vendor": "iconics",
"version": "8.02.140.0"
},
{
"model": "dlgwrapper.dll",
"scope": "eq",
"trust": 0.3,
"vendor": "iconics",
"version": "8.0.138.0"
},
{
"model": "dialog wrapper module activex control",
"scope": "eq",
"trust": 0.3,
"vendor": "iconics",
"version": "0"
},
{
"model": "dlgwrapper.dll",
"scope": "ne",
"trust": 0.3,
"vendor": "iconics",
"version": "8.4.166.0"
}
],
"sources": [
{
"db": "IVD",
"id": "98456900-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1"
},
{
"db": "CERT/CC",
"id": "VU#251969"
},
{
"db": "CNVD",
"id": "CNVD-2007-0011"
},
{
"db": "BID",
"id": "21849"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002556"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-721"
},
{
"db": "NVD",
"id": "CVE-2006-6488"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:iconics:dialog_wrapper_module_activex_control",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002556"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Will Dormann",
"sources": [
{
"db": "BID",
"id": "21849"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-721"
}
],
"trust": 0.9
},
"cve": "CVE-2006-6488",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2006-6488",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "98456900-2353-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-6488",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#251969",
"trust": 0.8,
"value": "9.23"
},
{
"author": "NVD",
"id": "CVE-2006-6488",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200612-721",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "98456900-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "98456900-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1"
},
{
"db": "CERT/CC",
"id": "VU#251969"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002556"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-721"
},
{
"db": "NVD",
"id": "CVE-2006-6488"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2) Filter argument. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. ICONICS is a professional company that provides OPC-based visualization software. Failed attempts can crash the host application. \nVersions prior to DlgWrapper.dll 8.4.166.0 are affected. \n\n----------------------------------------------------------------------\n\nSecunia is proud to announce the availability of the Secunia Software\nInspector. \n\nThe Secunia Software Inspector is a free service that detects insecure\nversions of software that you may have installed in your system. When\ninsecure versions are detected, the Secunia Software Inspector also\nprovides thorough guidelines for updating the software to the latest\nsecure version from the vendor. visits a malicious website. \n\nThe vulnerability is confirmed in ICONICS Vessel ActiveX 8.02.140\nincluding DlgWrapper.dll 8.0.138.0. \n\nSOLUTION:\nUpdate to DlgWrapper.dll 8.4.166.0 by applying the hotfix:\nhttp://www.iconics.com/support/free_tools/FreeToolsActiveX_DlgWrapperHotFix.zip\n\nPROVIDED AND/OR DISCOVERED BY:\nWill Dormann\n\nORIGINAL ADVISORY:\nUS-CERT VU#251969:\nhttp://www.kb.cert.org/vuls/id/251969\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-6488"
},
{
"db": "CERT/CC",
"id": "VU#251969"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002556"
},
{
"db": "CNVD",
"id": "CNVD-2007-0011"
},
{
"db": "BID",
"id": "21849"
},
{
"db": "IVD",
"id": "98456900-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1"
},
{
"db": "PACKETSTORM",
"id": "53382"
}
],
"trust": 3.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-6488",
"trust": 3.7
},
{
"db": "CERT/CC",
"id": "VU#251969",
"trust": 3.3
},
{
"db": "SECUNIA",
"id": "23583",
"trust": 2.6
},
{
"db": "BID",
"id": "21849",
"trust": 1.9
},
{
"db": "VUPEN",
"id": "ADV-2007-0025",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "32552",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2007-0011",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-200612-721",
"trust": 1.0
},
{
"db": "EXPLOIT-DB",
"id": "6570",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002556",
"trust": 0.8
},
{
"db": "XF",
"id": "31228",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "9823",
"trust": 0.6
},
{
"db": "IVD",
"id": "98456900-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D7D7A13-463F-11E9-A5CB-000C29342CB1",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "53382",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "98456900-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1"
},
{
"db": "CERT/CC",
"id": "VU#251969"
},
{
"db": "CNVD",
"id": "CNVD-2007-0011"
},
{
"db": "BID",
"id": "21849"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002556"
},
{
"db": "PACKETSTORM",
"id": "53382"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-721"
},
{
"db": "NVD",
"id": "CVE-2006-6488"
}
]
},
"id": "VAR-200612-0248",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "98456900-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2007-0011"
}
],
"trust": 0.1
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "98456900-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2007-0011"
}
]
},
"last_update_date": "2025-04-10T23:24:27.103000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.iconics.com/Home.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002556"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-6488"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/251969"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/23583"
},
{
"trust": 1.6,
"url": "http://osvdb.org/32552"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/21849"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2007/0025"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31228"
},
{
"trust": 0.9,
"url": "http://www.iconics.com/support/free_tools/freetoolsactivex_dlgwrapperhotfix.zip"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/23583/"
},
{
"trust": 0.8,
"url": "http://www.iconics.com/support/free_tools.asp"
},
{
"trust": 0.8,
"url": "http://www.iconics.com/support/readme_file.asp?file=195"
},
{
"trust": 0.8,
"url": "http://www.digitalmunition.com/iconics_dlgwrapper.rb"
},
{
"trust": 0.8,
"url": "http://www.milw0rm.com/exploits/6570"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6488"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6488"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/0025"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/31228"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/9823"
},
{
"trust": 0.3,
"url": "http://carnal0wnage.blogspot.com/2008/10/malware-targeting-industrial-control.html"
},
{
"trust": 0.3,
"url": "http://www.iconics.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/software_inspector/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13097/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13096/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13098/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#251969"
},
{
"db": "BID",
"id": "21849"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002556"
},
{
"db": "PACKETSTORM",
"id": "53382"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-721"
},
{
"db": "NVD",
"id": "CVE-2006-6488"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "98456900-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1"
},
{
"db": "CERT/CC",
"id": "VU#251969"
},
{
"db": "CNVD",
"id": "CNVD-2007-0011"
},
{
"db": "BID",
"id": "21849"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002556"
},
{
"db": "PACKETSTORM",
"id": "53382"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-721"
},
{
"db": "NVD",
"id": "CVE-2006-6488"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-01-02T00:00:00",
"db": "IVD",
"id": "98456900-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2007-01-02T00:00:00",
"db": "IVD",
"id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1"
},
{
"date": "2007-01-02T00:00:00",
"db": "CERT/CC",
"id": "VU#251969"
},
{
"date": "2007-01-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-0011"
},
{
"date": "2007-01-02T00:00:00",
"db": "BID",
"id": "21849"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002556"
},
{
"date": "2007-01-03T23:45:45",
"db": "PACKETSTORM",
"id": "53382"
},
{
"date": "2006-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200612-721"
},
{
"date": "2006-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2006-6488"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-10-29T00:00:00",
"db": "CERT/CC",
"id": "VU#251969"
},
{
"date": "2007-01-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-0011"
},
{
"date": "2015-03-19T09:49:00",
"db": "BID",
"id": "21849"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002556"
},
{
"date": "2007-01-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200612-721"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2006-6488"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200612-721"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ICONICS Dialog Wrapper Module ActiveX Control Remote Stack Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "98456900-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2007-0011"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "98456900-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d7a13-463f-11e9-a5cb-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-721"
}
],
"trust": 1.0
}
}
VAR-200708-0154
Vulnerability from variot - Updated: 2025-04-10 23:24The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user's session data, and possibly gain privileges. Hitachi uCosminexus is an application server system.
There is a vulnerability in Hitachi uCosminexus's session failover implementation. Remote attackers may use this vulnerability to obtain session-related sensitive data.
Details of the vulnerability are currently unknown.
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors.
Download the free PSI BETA from the Secunia website: https://psi.secunia.com/
TITLE: Hitachi Products Cosminexus Component Container Improper Session Data Handling
SECUNIA ADVISORY ID: SA26250
VERIFY ADVISORY: http://secunia.com/advisories/26250/
CRITICAL: Less critical
IMPACT: Security Bypass, Exposure of sensitive information
WHERE:
From local network
SOFTWARE: uCosminexus Application Server http://secunia.com/product/13819/ uCosminexus Service Platform http://secunia.com/product/13823/ uCosminexus Developer http://secunia.com/product/13820/ uCosminexus Service Architect http://secunia.com/product/13821/ Cosminexus 6.x http://secunia.com/product/5795/
DESCRIPTION: A security issue has been reported in Hitachi products, which potentially can be exploited by malicious users to gain knowledge of sensitive information or bypass certain security restrictions.
Please see the vendor's advisory for a list of affected products and versions.
SOLUTION: Please see the vendor's advisory for fix details.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200708-0154",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 1.4,
"vendor": "hitachi",
"version": "enterprise"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 1.4,
"vendor": "hitachi",
"version": "standard"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 1.4,
"vendor": "hitachi",
"version": "light"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 1.4,
"vendor": "hitachi",
"version": "professional"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 1.4,
"vendor": "hitachi",
"version": "standard"
},
{
"model": "ucosminexus erp integrator",
"scope": null,
"trust": 1.4,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus collaboration portal",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "cosminexus opentp1 web front-end set",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "cosminexus application server",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "6"
},
{
"model": "ucosminexus erp integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "cosminexus erp integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "cosminexus developer",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "6"
},
{
"model": "groupmax collaboration portal",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "ucosminexus opentp1 web front-end set",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "electronic form workflow",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "cosminexus collaboration portal",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "enterprise version 6"
},
{
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard version 6"
},
{
"model": "cosminexus collaboration",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "server"
},
{
"model": "cosminexus component container",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light version 6"
},
{
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional version 6"
},
{
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard version 6"
},
{
"model": "cosminexus erp integrator",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus/opentp1",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "web front-end set"
},
{
"model": "electronic form workflow",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "developer client set"
},
{
"model": "electronic form workflow",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional library set"
},
{
"model": "electronic form workflow",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard set"
},
{
"model": "groupmax collaboration",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "server"
},
{
"model": "ucosminexus collaboration",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "server"
},
{
"model": "ucosminexus service",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "architect"
},
{
"model": "ucosminexus service",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "platform"
},
{
"model": "ucosminexus/opentp1",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "web front-end set"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "ucosminexus application server standard 06-70-/b",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server standard 06-70-/a",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server enterprise 06-70-/b",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server enterprise 06-70-/a",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "06-70"
},
{
"model": "ucosminexus service platform",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus opentp1 web front-end set",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus collaboration portal",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "server"
},
{
"model": "ucosminexus/opentp1 web front-end set",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "ucosminexus erp integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "ucosminexus collaboration server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "ucosminexus application server standard version",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-70"
},
{
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "ucosminexus application server smart edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "ucosminexus application server enterprise version",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-80"
},
{
"model": "groupmax collaboration server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "electronic form workflow standard set",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "electronic form workflow professional library set",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "electronic form workflow developer client set",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "cosminexus/opentp1 web front-end set",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "cosminexus erp integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "cosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"model": "cosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"model": "cosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"model": "cosminexus collaboration server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-4792"
},
{
"db": "BID",
"id": "25145"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001133"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-002"
},
{
"db": "NVD",
"id": "CVE-2007-4124"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_collaboration",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_component_container",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_erp_integrator",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_opentp1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:electronic_form_workflow",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:groupmax_collaboration",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_collaboration",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_erp_integrator",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_opentp1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001133"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor disclosed this issue.",
"sources": [
{
"db": "BID",
"id": "25145"
}
],
"trust": 0.3
},
"cve": "CVE-2007-4124",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CVE-2007-4124",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.9,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2007-001133",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-4124",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2007-001133",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200708-002",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001133"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-002"
},
{
"db": "NVD",
"id": "CVE-2007-4124"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user\u0027s session data, and possibly gain privileges. Hitachi uCosminexus is an application server system. \n\n\u00a0There is a vulnerability in Hitachi uCosminexus\u0027s session failover implementation. Remote attackers may use this vulnerability to obtain session-related sensitive data. \n\n\u00a0Details of the vulnerability are currently unknown. \n\n----------------------------------------------------------------------\n\nBETA test the new Secunia Personal Software Inspector!\n\nThe Secunia PSI detects installed software on your computer and\ncategorises it as either Insecure, End-of-Life, or Up-To-Date. \nEffectively enabling you to focus your attention on software\ninstallations where more secure versions are available from the\nvendors. \n\nDownload the free PSI BETA from the Secunia website:\nhttps://psi.secunia.com/\n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi Products Cosminexus Component Container Improper Session Data\nHandling\n\nSECUNIA ADVISORY ID:\nSA26250\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26250/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass, Exposure of sensitive information\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nuCosminexus Application Server\nhttp://secunia.com/product/13819/\nuCosminexus Service Platform\nhttp://secunia.com/product/13823/\nuCosminexus Developer\nhttp://secunia.com/product/13820/\nuCosminexus Service Architect\nhttp://secunia.com/product/13821/\nCosminexus 6.x\nhttp://secunia.com/product/5795/\n\nDESCRIPTION:\nA security issue has been reported in Hitachi products, which\npotentially can be exploited by malicious users to gain knowledge of\nsensitive information or bypass certain security restrictions. \n\nPlease see the vendor\u0027s advisory for a list of affected products and\nversions. \n\nSOLUTION:\nPlease see the vendor\u0027s advisory for fix details. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-4124"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001133"
},
{
"db": "CNVD",
"id": "CNVD-2007-4792"
},
{
"db": "BID",
"id": "25145"
},
{
"db": "PACKETSTORM",
"id": "58201"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-4124",
"trust": 3.3
},
{
"db": "BID",
"id": "25145",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "26250",
"trust": 2.6
},
{
"db": "HITACHI",
"id": "HS07-024",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "37852",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2007-2725",
"trust": 1.6
},
{
"db": "XF",
"id": "35706",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001133",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2007-4792",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200708-002",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "58201",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-4792"
},
{
"db": "BID",
"id": "25145"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001133"
},
{
"db": "PACKETSTORM",
"id": "58201"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-002"
},
{
"db": "NVD",
"id": "CVE-2007-4124"
}
]
},
"id": "VAR-200708-0154",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-4792"
}
],
"trust": 0.8833333299999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-4792"
}
]
},
"last_update_date": "2025-04-10T23:24:23.481000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HS07-024",
"trust": 0.8,
"url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001133"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-4124"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://secunia.com/advisories/26250"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/25145"
},
{
"trust": 2.0,
"url": "http://www.hitachi-support.com/security_e/vuls_e/hs07-024_e/index-e.html"
},
{
"trust": 1.6,
"url": "http://osvdb.org/37852"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2007/2725"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/35706"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35706"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2007/2725"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4124"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-4124"
},
{
"trust": 0.3,
"url": "http://www.hds.com/products/storage-software/hitachi-device-manager.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13823/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/26250/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5795/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13820/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13821/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13819/"
}
],
"sources": [
{
"db": "BID",
"id": "25145"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001133"
},
{
"db": "PACKETSTORM",
"id": "58201"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-002"
},
{
"db": "NVD",
"id": "CVE-2007-4124"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2007-4792"
},
{
"db": "BID",
"id": "25145"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001133"
},
{
"db": "PACKETSTORM",
"id": "58201"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-002"
},
{
"db": "NVD",
"id": "CVE-2007-4124"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-07-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-4792"
},
{
"date": "2007-07-31T00:00:00",
"db": "BID",
"id": "25145"
},
{
"date": "2008-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001133"
},
{
"date": "2007-08-01T00:35:42",
"db": "PACKETSTORM",
"id": "58201"
},
{
"date": "2007-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200708-002"
},
{
"date": "2007-08-01T16:17:00",
"db": "NVD",
"id": "CVE-2007-4124"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-07-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-4792"
},
{
"date": "2015-05-07T17:36:00",
"db": "BID",
"id": "25145"
},
{
"date": "2008-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001133"
},
{
"date": "2007-08-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200708-002"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-4124"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200708-002"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cosminexus Component Container Session Handling Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001133"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200708-002"
}
],
"trust": 0.6
}
}
VAR-200610-0526
Vulnerability from variot - Updated: 2025-04-10 23:23Multiple SQL injection vulnerabilities in PHP Classifieds 7.1 allow remote attackers to execute arbitrary SQL commands via (1) the catid_search parameter in search.php and (2) the catid parameter in index.php. PHP Classifieds is a web-based directory classification program written in PHP.
PHP Classifieds lacks proper and sufficient filtering of the parameters submitted by users, and remote attackers can use this vulnerability to unauthorizedly manipulate the database. Remote attackers can gain unauthorized access to the database by inserting specific SQL commands into the input data. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit.
Currently the following type of positions are available: http://secunia.com/hardcore_disassembler_and_reverse_engineer/
TITLE: PHP Classifieds "catid" and "catid_search" SQL Injection Vulnerability
SECUNIA ADVISORY ID: SA22264
VERIFY ADVISORY: http://secunia.com/advisories/22264/
CRITICAL: Moderately critical
IMPACT: Manipulation of data
WHERE:
From remote
SOFTWARE: PHP Classifieds 7.x http://secunia.com/product/12226/ PHP Classifieds 6.x http://secunia.com/product/8084/
DESCRIPTION: Kzar has discovered some vulnerabilities in PHP Classifieds, which can be exploited by malicious people to conduct SQL injection attacks. This can be exploited to manipulate SQL queries by inserting arbitrary SQL code.
The vulnerabilities have been confirmed in version 7.1. Other versions may also be affected.
SOLUTION: Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY: Kzar
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200610-0526",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "php classifieds",
"scope": "eq",
"trust": 2.7,
"vendor": "deltascripts",
"version": "7.1"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-7679"
},
{
"db": "BID",
"id": "20359"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001358"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-140"
},
{
"db": "NVD",
"id": "CVE-2006-5208"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:deltascripts:php_classifieds",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001358"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kzar is credited with the discovery of these vulnerabilities.",
"sources": [
{
"db": "BID",
"id": "20359"
}
],
"trust": 0.3
},
"cve": "CVE-2006-5208",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2006-5208",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-5208",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2006-5208",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200610-140",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001358"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-140"
},
{
"db": "NVD",
"id": "CVE-2006-5208"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple SQL injection vulnerabilities in PHP Classifieds 7.1 allow remote attackers to execute arbitrary SQL commands via (1) the catid_search parameter in search.php and (2) the catid parameter in index.php. PHP Classifieds is a web-based directory classification program written in PHP. \n\n\u00a0PHP Classifieds lacks proper and sufficient filtering of the parameters submitted by users, and remote attackers can use this vulnerability to unauthorizedly manipulate the database. Remote attackers can gain unauthorized access to the database by inserting specific SQL commands into the input data. \nA successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. \n\n----------------------------------------------------------------------\n\nWant to work within IT-Security?\n\nSecunia is expanding its team of highly skilled security experts. \nWe will help with relocation and obtaining a work permit. \n\nCurrently the following type of positions are available:\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nPHP Classifieds \"catid\" and \"catid_search\" SQL Injection\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA22264\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/22264/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nManipulation of data\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nPHP Classifieds 7.x\nhttp://secunia.com/product/12226/\nPHP Classifieds 6.x\nhttp://secunia.com/product/8084/\n\nDESCRIPTION:\nKzar has discovered some vulnerabilities in PHP Classifieds, which\ncan be exploited by malicious people to conduct SQL injection\nattacks. This can be exploited to manipulate\nSQL queries by inserting arbitrary SQL code. \n\nThe vulnerabilities have been confirmed in version 7.1. Other\nversions may also be affected. \n\nSOLUTION:\nEdit the source code to ensure that input is properly sanitised. \n\nPROVIDED AND/OR DISCOVERED BY:\nKzar\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5208"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001358"
},
{
"db": "CNVD",
"id": "CNVD-2006-7679"
},
{
"db": "BID",
"id": "20359"
},
{
"db": "PACKETSTORM",
"id": "50762"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-5208",
"trust": 3.0
},
{
"db": "BID",
"id": "20359",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "22264",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "2479",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2006-3924",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001358",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2006-7679",
"trust": 0.6
},
{
"db": "XF",
"id": "29354",
"trust": 0.6
},
{
"db": "MILW0RM",
"id": "2479",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200610-140",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "50762",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-7679"
},
{
"db": "BID",
"id": "20359"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001358"
},
{
"db": "PACKETSTORM",
"id": "50762"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-140"
},
{
"db": "NVD",
"id": "CVE-2006-5208"
}
]
},
"id": "VAR-200610-0526",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-7679"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-7679"
}
]
},
"last_update_date": "2025-04-10T23:23:50.316000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.deltascripts.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001358"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5208"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/20359"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/22264"
},
{
"trust": 1.6,
"url": "http://kzar.co.uk/exploits/phpclassifieds_exploit"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2006/3924"
},
{
"trust": 1.0,
"url": "https://www.exploit-db.com/exploits/2479"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29354"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5208"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5208"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/29354"
},
{
"trust": 0.6,
"url": "http://www.milw0rm.com/exploits/2479"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/3924"
},
{
"trust": 0.6,
"url": "http://milw0rm.com/exploits/2479"
},
{
"trust": 0.3,
"url": "http://www.deltascripts.com/phpclassifieds/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/8084/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/12226/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/22264/"
}
],
"sources": [
{
"db": "BID",
"id": "20359"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001358"
},
{
"db": "PACKETSTORM",
"id": "50762"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-140"
},
{
"db": "NVD",
"id": "CVE-2006-5208"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2006-7679"
},
{
"db": "BID",
"id": "20359"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001358"
},
{
"db": "PACKETSTORM",
"id": "50762"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-140"
},
{
"db": "NVD",
"id": "CVE-2006-5208"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-10-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-7679"
},
{
"date": "2006-10-05T00:00:00",
"db": "BID",
"id": "20359"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001358"
},
{
"date": "2006-10-09T23:01:07",
"db": "PACKETSTORM",
"id": "50762"
},
{
"date": "2006-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200610-140"
},
{
"date": "2006-10-10T04:06:00",
"db": "NVD",
"id": "CVE-2006-5208"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-10-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-7679"
},
{
"date": "2006-10-05T21:05:00",
"db": "BID",
"id": "20359"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001358"
},
{
"date": "2006-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200610-140"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2006-5208"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200610-140"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PHP Classifieds catid_search and catid variable remote SQL injection vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-7679"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-140"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "sql injection",
"sources": [
{
"db": "PACKETSTORM",
"id": "50762"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-140"
}
],
"trust": 0.7
}
}
VAR-200708-0152
Vulnerability from variot - Updated: 2025-04-10 23:23Unspecified vulnerability in Hitachi JP1/Cm2/Hierarchical Viewer (HV) 06-00 through 06-71-/B allows remote attackers to cause a denial of service (application stop and web interface outage) via certain "unexpected data.". Hitachi JP1 / Cm2 / Hierarchical is a middleware platform software.
There is a vulnerability in the implementation of Hitachi JP1 / Cm2 / Hierarchical Viewer. A remote attacker may use this vulnerability to cause a denial of service.
HV generates an error when processing malformed data, which makes the HV web interface unavailable. Attackers can exploit this issue to cause denial-of-service conditions.
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors.
Please see the vendor's advisory for a list of affected versions.
SOLUTION: Please see the vendor's advisory for fix information.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.hitachi-support.com/security_e/vuls_e/HS07-021_e/index-e.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200708-0152",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jp1-cm2-hierarchical viewer",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "06.71_b"
},
{
"model": "jp1-cm2-hierarchical viewer",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "06.00"
},
{
"model": "jp1-cm2-hierarchical viewer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "06-00 to 06-71-/b"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "jp1/cm2/hierarchical viewer 06-71-/b (wi",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-00-"
},
{
"model": "jp1/cm2/hierarchical viewer 06-71-/b (so",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-00-"
},
{
"model": "jp1/cm2/hierarchical viewer 06-71-/b (hp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-00-"
},
{
"model": "jp1/cm2/hierarchical viewer",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00(*4)"
},
{
"model": "jp1/cm2/hierarchical viewer",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00(*3)"
},
{
"model": "jp1/cm2/hierarchical viewer",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00(*2)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-4795"
},
{
"db": "BID",
"id": "25144"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004207"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-011"
},
{
"db": "NVD",
"id": "CVE-2007-4122"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:hitachi:jp1-cm2-hierarchical_viewer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004207"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor disclosed this issue.",
"sources": [
{
"db": "BID",
"id": "25144"
}
],
"trust": 0.3
},
"cve": "CVE-2007-4122",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2007-4122",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-4122",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2007-4122",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200708-011",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004207"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-011"
},
{
"db": "NVD",
"id": "CVE-2007-4122"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in Hitachi JP1/Cm2/Hierarchical Viewer (HV) 06-00 through 06-71-/B allows remote attackers to cause a denial of service (application stop and web interface outage) via certain \"unexpected data.\". Hitachi JP1 / Cm2 / Hierarchical is a middleware platform software. \n\n\u00a0There is a vulnerability in the implementation of Hitachi JP1 / Cm2 / Hierarchical Viewer. A remote attacker may use this vulnerability to cause a denial of service. \n\n\u00a0HV generates an error when processing malformed data, which makes the HV web interface unavailable. \nAttackers can exploit this issue to cause denial-of-service conditions. \n\n----------------------------------------------------------------------\n\nBETA test the new Secunia Personal Software Inspector!\n\nThe Secunia PSI detects installed software on your computer and\ncategorises it as either Insecure, End-of-Life, or Up-To-Date. \nEffectively enabling you to focus your attention on software\ninstallations where more secure versions are available from the\nvendors. \n\nPlease see the vendor\u0027s advisory for a list of affected versions. \n\nSOLUTION:\nPlease see the vendor\u0027s advisory for fix information. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi-support.com/security_e/vuls_e/HS07-021_e/index-e.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-4122"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004207"
},
{
"db": "CNVD",
"id": "CNVD-2007-4795"
},
{
"db": "BID",
"id": "25144"
},
{
"db": "PACKETSTORM",
"id": "58205"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-4122",
"trust": 3.3
},
{
"db": "HITACHI",
"id": "HS07-021",
"trust": 2.0
},
{
"db": "BID",
"id": "25144",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "26242",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2007-2722",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "37853",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004207",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2007-4795",
"trust": 0.6
},
{
"db": "XF",
"id": "35703",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200708-011",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "58205",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-4795"
},
{
"db": "BID",
"id": "25144"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004207"
},
{
"db": "PACKETSTORM",
"id": "58205"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-011"
},
{
"db": "NVD",
"id": "CVE-2007-4122"
}
]
},
"id": "VAR-200708-0152",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-4795"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-4795"
}
]
},
"last_update_date": "2025-04-10T23:23:41.836000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HS07-021",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS07-021/index.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004207"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-4122"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.hitachi-support.com/security_e/vuls_e/hs07-021_e/index-e.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/26242"
},
{
"trust": 1.6,
"url": "http://osvdb.org/37853"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/25144"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35703"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2007/2722"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4122"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4122"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/2722"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/35703"
},
{
"trust": 0.3,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/groupmax/product/suiteindex.html#coll"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/26242/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/15094/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "BID",
"id": "25144"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004207"
},
{
"db": "PACKETSTORM",
"id": "58205"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-011"
},
{
"db": "NVD",
"id": "CVE-2007-4122"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2007-4795"
},
{
"db": "BID",
"id": "25144"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004207"
},
{
"db": "PACKETSTORM",
"id": "58205"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-011"
},
{
"db": "NVD",
"id": "CVE-2007-4122"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-07-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-4795"
},
{
"date": "2007-07-31T00:00:00",
"db": "BID",
"id": "25144"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-004207"
},
{
"date": "2007-08-01T00:35:42",
"db": "PACKETSTORM",
"id": "58205"
},
{
"date": "2007-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200708-011"
},
{
"date": "2007-08-01T16:17:00",
"db": "NVD",
"id": "CVE-2007-4122"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-07-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-4795"
},
{
"date": "2015-05-07T17:36:00",
"db": "BID",
"id": "25144"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-004207"
},
{
"date": "2007-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200708-011"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-4122"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200708-011"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hitachi JP1/Cm2/HV Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004207"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200708-011"
}
],
"trust": 0.6
}
}
VAR-200705-0058
Vulnerability from variot - Updated: 2025-04-10 23:22Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD method, and possibly the (2) SetLoginID, (3) AddSite, (4) SetScreen, and (5) SetVideoServer methods. Honeywell is a well-known American security products company, and Ademco is one of its anti-theft alarm products.
The ATNBaseLoader100 module (ATNBaseLoader100.dll) used by Ademco products has a buffer overflow vulnerability when processing malformed parameters. Remote attackers may use this vulnerability to control user machines.
The ATNBaseLoader100 module (ATNBaseLoader100.dll) ActiveX control has a stack overflow vulnerability when processing the Send485CMD (), SetLoginID (), and AddSite () methods. If a user is tricked into visiting a malicious site and passing long parameters to these methods, this overflow can be triggered, causing arbitrary instructions to be executed. Ademco ATNBaseLoader100 ActiveX control is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts likely result in denial-of-service conditions. Ademco ATNBaseLoader100 ActiveX control 5.4.0.6 is vulnerable to this issue; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200705-0058",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ademco atnbaseloader100 module",
"scope": "eq",
"trust": 2.4,
"vendor": "honeywell",
"version": "5.4.0.6"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "6"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "ademco atnbaseloader100 activex control",
"scope": "eq",
"trust": 0.3,
"vendor": "honeywell",
"version": "5.4.6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-3514"
},
{
"db": "BID",
"id": "24172"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003920"
},
{
"db": "CNNVD",
"id": "CNNVD-200705-532"
},
{
"db": "NVD",
"id": "CVE-2007-2938"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:honeywell:ademco_atnbaseloader100_module",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:internet_explorer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-003920"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "rgod rgod@autistici.org",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200705-532"
}
],
"trust": 0.6
},
"cve": "CVE-2007-2938",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2007-2938",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-2938",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2007-2938",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200705-532",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-003920"
},
{
"db": "CNNVD",
"id": "CNNVD-200705-532"
},
{
"db": "NVD",
"id": "CVE-2007-2938"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD method, and possibly the (2) SetLoginID, (3) AddSite, (4) SetScreen, and (5) SetVideoServer methods. Honeywell is a well-known American security products company, and Ademco is one of its anti-theft alarm products. \n\n\u00a0The ATNBaseLoader100 module (ATNBaseLoader100.dll) used by Ademco products has a buffer overflow vulnerability when processing malformed parameters. Remote attackers may use this vulnerability to control user machines. \n\n\u00a0The ATNBaseLoader100 module (ATNBaseLoader100.dll) ActiveX control has a stack overflow vulnerability when processing the Send485CMD (), SetLoginID (), and AddSite () methods. If a user is tricked into visiting a malicious site and passing long parameters to these methods, this overflow can be triggered, causing arbitrary instructions to be executed. Ademco ATNBaseLoader100 ActiveX control is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts likely result in denial-of-service conditions. \nAdemco ATNBaseLoader100 ActiveX control 5.4.0.6 is vulnerable to this issue; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-2938"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003920"
},
{
"db": "CNVD",
"id": "CNVD-2007-3514"
},
{
"db": "BID",
"id": "24172"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-2938",
"trust": 3.3
},
{
"db": "BID",
"id": "24172",
"trust": 1.9
},
{
"db": "EXPLOIT-DB",
"id": "3993",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "25430",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "36700",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2007-1958",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003920",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2007-3514",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200705-532",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-3514"
},
{
"db": "BID",
"id": "24172"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003920"
},
{
"db": "CNNVD",
"id": "CNNVD-200705-532"
},
{
"db": "NVD",
"id": "CVE-2007-2938"
}
]
},
"id": "VAR-200705-0058",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-3514"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-3514"
}
]
},
"last_update_date": "2025-04-10T23:22:31.931000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.security.honeywell.com/"
},
{
"title": "Ademco ATNBaseLoader100 Module",
"trust": 0.8,
"url": "http://support.microsoft.com/kb/240797"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-003920"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-2938"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.exploit-db.com/exploits/3993"
},
{
"trust": 1.6,
"url": "http://osvdb.org/36700"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/25430"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/24172"
},
{
"trust": 1.6,
"url": "http://www.vupen.com/english/advisories/2007/1958"
},
{
"trust": 1.6,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34548"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2938"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2938"
},
{
"trust": 0.3,
"url": "http://www.security.honeywell.com/"
},
{
"trust": 0.3,
"url": "http://support.microsoft.com/kb/240797"
}
],
"sources": [
{
"db": "BID",
"id": "24172"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003920"
},
{
"db": "CNNVD",
"id": "CNNVD-200705-532"
},
{
"db": "NVD",
"id": "CVE-2007-2938"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2007-3514"
},
{
"db": "BID",
"id": "24172"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003920"
},
{
"db": "CNNVD",
"id": "CNNVD-200705-532"
},
{
"db": "NVD",
"id": "CVE-2007-2938"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-05-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-3514"
},
{
"date": "2007-05-26T00:00:00",
"db": "BID",
"id": "24172"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-003920"
},
{
"date": "2007-05-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200705-532"
},
{
"date": "2007-05-31T00:30:00",
"db": "NVD",
"id": "CVE-2007-2938"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-05-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-3514"
},
{
"date": "2015-05-07T17:37:00",
"db": "BID",
"id": "24172"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-003920"
},
{
"date": "2021-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200705-532"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-2938"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200705-532"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ademco ATNBaseLoader100.dll Vulnerable to buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-003920"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200705-532"
}
],
"trust": 0.6
}
}
VAR-200706-0068
Vulnerability from variot - Updated: 2025-04-10 23:21Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ (Rev. A1) on Windows XP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a beacon frame with a long TIM Information Element. D-Link DWL-G650 is a widely used wireless network card. Patching plan: The vendor has not released any upgrade patches for the time being, please pay attention to the vendor address in time: http://www.dlink.com/products/?pid=358. The D-Link Wireless Device Driver for DWL-G650 devices is prone to a buffer-overflow vulnerability because the driver fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. Exploiting this issue potentially allows attackers to execute arbitrary machine code in the context of the kernel hosting the vulnerable driver. Failed attempts will likely crash the kernel, resulting in denial-of-service conditions. D-Link DWL-G650 6.0.0.18 (Rev. A1) is reported vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200706-0068",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 1.2,
"vendor": "none",
"version": null
},
{
"model": "windows xp",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "*"
},
{
"model": "dwl-g650+",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "firmware 6.0.0.18"
},
{
"model": "windows xp",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "sp3"
},
{
"model": "windows xp",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "dwl-g650",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "6.018"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-3843"
},
{
"db": "CNVD",
"id": "CNVD-2007-3824"
},
{
"db": "VULMON",
"id": "CVE-2007-0933"
},
{
"db": "BID",
"id": "24438"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003380"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-054"
},
{
"db": "NVD",
"id": "CVE-2007-0933"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:d-link:dwl-g650%2B",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_xp",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-003380"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Laurent Butti\u203b laurent.butti@orange-ftgroup.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200706-054"
}
],
"trust": 0.6
},
"cve": "CVE-2007-0933",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2007-0933",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-24295",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-0933",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2007-0933",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200706-054",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-24295",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2007-0933",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-24295"
},
{
"db": "VULMON",
"id": "CVE-2007-0933"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003380"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-054"
},
{
"db": "NVD",
"id": "CVE-2007-0933"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ (Rev. A1) on Windows XP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a beacon frame with a long TIM Information Element. D-Link DWL-G650 is a widely used wireless network card. Patching plan: The vendor has not released any upgrade patches for the time being, please pay attention to the vendor address in time: http://www.dlink.com/products/?pid=358. The D-Link Wireless Device Driver for DWL-G650 devices is prone to a buffer-overflow vulnerability because the driver fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. \nExploiting this issue potentially allows attackers to execute arbitrary machine code in the context of the kernel hosting the vulnerable driver. Failed attempts will likely crash the kernel, resulting in denial-of-service conditions. \nD-Link DWL-G650 6.0.0.18 (Rev. A1) is reported vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0933"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003380"
},
{
"db": "CNVD",
"id": "CNVD-2007-3843"
},
{
"db": "CNVD",
"id": "CNVD-2007-3824"
},
{
"db": "BID",
"id": "24438"
},
{
"db": "VULHUB",
"id": "VHN-24295"
},
{
"db": "VULMON",
"id": "CVE-2007-0933"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-0933",
"trust": 3.5
},
{
"db": "BID",
"id": "24438",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "25602",
"trust": 2.4
},
{
"db": "OSVDB",
"id": "36160",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003380",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200706-054",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2007-3843",
"trust": 0.6
},
{
"db": "CNCVE",
"id": "CNCVE-20070933",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2007-3824",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-24295",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2007-0933",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-3843"
},
{
"db": "CNVD",
"id": "CNVD-2007-3824"
},
{
"db": "VULHUB",
"id": "VHN-24295"
},
{
"db": "VULMON",
"id": "CVE-2007-0933"
},
{
"db": "BID",
"id": "24438"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003380"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-054"
},
{
"db": "NVD",
"id": "CVE-2007-0933"
}
]
},
"id": "VAR-200706-0068",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-3843"
},
{
"db": "CNVD",
"id": "CNVD-2007-3824"
},
{
"db": "VULHUB",
"id": "VHN-24295"
}
],
"trust": 0.13
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-3843"
},
{
"db": "CNVD",
"id": "CNVD-2007-3824"
}
]
},
"last_update_date": "2025-04-10T23:21:46.025000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.dlink.com"
},
{
"title": "Windows XP",
"trust": 0.8,
"url": "http://windows.microsoft.com/en-US/windows/products/windows-xp"
},
{
"title": "wifuzzit",
"trust": 0.1,
"url": "https://github.com/0xd012/wifuzzit "
},
{
"title": "wifuzzit",
"trust": 0.1,
"url": "https://github.com/flowerhack/wifuzzit "
},
{
"title": "wifuzzit",
"trust": 0.1,
"url": "https://github.com/84KaliPleXon3/wifuzzit "
},
{
"title": "wifuzzit",
"trust": 0.1,
"url": "https://github.com/PleXone2019/wifuzzit "
},
{
"title": "wifuzzit",
"trust": 0.1,
"url": "https://github.com/wi-fi-analyzer/wifuzzit "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2007-0933"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003380"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0933"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://secunia.com/advisories/25602"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/24438"
},
{
"trust": 2.1,
"url": "http://www.blackhat.com/presentations/bh-europe-07/butti/presentation/bh-eu-07-butti.pdf"
},
{
"trust": 1.8,
"url": "http://osvdb.org/36160"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34831"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0933"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0933"
},
{
"trust": 0.3,
"url": "http://www.dlink.com/products/?pid=11"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=13530"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-3824"
},
{
"db": "VULHUB",
"id": "VHN-24295"
},
{
"db": "VULMON",
"id": "CVE-2007-0933"
},
{
"db": "BID",
"id": "24438"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003380"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-054"
},
{
"db": "NVD",
"id": "CVE-2007-0933"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2007-3843"
},
{
"db": "CNVD",
"id": "CNVD-2007-3824"
},
{
"db": "VULHUB",
"id": "VHN-24295"
},
{
"db": "VULMON",
"id": "CVE-2007-0933"
},
{
"db": "BID",
"id": "24438"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003380"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-054"
},
{
"db": "NVD",
"id": "CVE-2007-0933"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-3843"
},
{
"date": "2007-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-3824"
},
{
"date": "2007-06-05T00:00:00",
"db": "VULHUB",
"id": "VHN-24295"
},
{
"date": "2007-06-05T00:00:00",
"db": "VULMON",
"id": "CVE-2007-0933"
},
{
"date": "2007-06-12T00:00:00",
"db": "BID",
"id": "24438"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-003380"
},
{
"date": "2007-06-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200706-054"
},
{
"date": "2007-06-05T21:30:00",
"db": "NVD",
"id": "CVE-2007-0933"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-3843"
},
{
"date": "2007-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-3824"
},
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-24295"
},
{
"date": "2017-07-29T00:00:00",
"db": "VULMON",
"id": "CVE-2007-0933"
},
{
"date": "2007-06-13T04:39:00",
"db": "BID",
"id": "24438"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-003380"
},
{
"date": "2007-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200706-054"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-0933"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200706-054"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DWL-G650 TIM Information Element Wireless Drive Beacon Remote Overflow Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-3843"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-054"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200706-054"
}
],
"trust": 0.6
}
}
VAR-200708-0254
Vulnerability from variot - Updated: 2025-04-10 23:19NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access. ReadyNAS is a direct-attached storage device based on Linux and debian-sparc platforms.
ReadyNAS has two users enabled by default, one is admin (the default password is infrant1) and the other is root. Each time it starts, it uses a hard-coded algorithm to generate the root password, which uses the Ethernet MAC address and software version number. And a hash of the shared secret. The root password cannot be changed permanently, so it is reset every time it is started.
The ReadyNAS device boots from the built-in flash memory, and the Linux kernel and the initrd image are in this flash memory. At startup, the initrd image will look for the installed hard disk and initialize it. If an uninitialized hard disk is found, it will be added to the RAID array. A part of the hard disk will be used as the root file system. A tarball stored in the flash will initialize it.
After loading the rootfs, some consistency checks are performed, and some important configuration files are encrypted and backed up. These files cannot be changed without decryption.
At startup, the / linuxrc file in the initrd image is first executed as follows:
--------------
SEED1 = `/ sysroot / sbin / ifconfig eth0 | grep HWaddr | sed -e 's /.* HWaddr //'
--e 's / // g'`
SEED2 = cut -f2 -d = / sysroot / etc / raidiator_version | cut -f1 -d,
[ EDIT : removed SEED3 as friendly requested by vendor]
echo "root:echo \ "$ SEED1 $ SEED2 $ SEED3 \" | md5sum | cut -f1 -d ''" |
chpasswd
# TAKE ME OUT !!
[-s /sysroot/.os_passwd] && echo "root:` / sysroot / usr / bin / head -1
/ sysroot / .os_passwd` "| chpasswd
#################
/ sysroot / bin / mv / etc / passwd / sysroot / etc / passwd 2> $ ERR
rm -rf / sysroot / etc / hosts_equiv /sysroot/root/.rhosts
/sysroot/root/.ssh/* 2> $ ERR
--------------
The password is initialized by md5 and the following components:
a.) MAC address obtained from ifconfig
b.) Software version number read from / etc / raidiator_version
c.) Shared keychain in SEED3
Even though the root password varies from device to device (the MAC address is also part of the hash), it is still not secret. First, if the NAS device is in the local LAN, you can query the MAC address through ARP request. Second, the default host name is nas-xx-yy-zz (which can be displayed on the https-based interface), and xx, yy, zz It is the last 3 octal digits of the MAC address; finally, the version of the software can be determined by brute force guessing. Successfully exploiting this issue allows remote attackers to gain superuser-level access to affected devices. This issue affects devices with firmware versions 3.01c1-p1 and 3.01c1-p6 installed; other versions may also be affected.
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors.
Download the free PSI BETA from the Secunia website: https://psi.secunia.com/
TITLE: Infrant ReadyNAS Devices SSH Default Root Password Weakness
SECUNIA ADVISORY ID: SA26442
VERIFY ADVISORY: http://secunia.com/advisories/26442/
CRITICAL: Not critical
IMPACT: Security Bypass
WHERE:
From remote
OPERATING SYSTEM: Infrant ReadyNAS Devices 3.x http://secunia.com/product/15287/
DESCRIPTION: Brian Chapados and Felix Domke have reported a weakness in Infrant ReadyNAS devices, which can be exploited by malicious people to bypass certain security restrictions.
The problem is that the device includes an SSH daemon that cannot be disabled and that the password for the SSH root account on the device is generated using certain device-specific values (e.g. MAC address, serial number, version number) and cannot be changed permanently.
The weakness is reported in ReadyNAS devices with RAIDiator 3.01c1-p1, 3.01c1-p6.
SOLUTION: The vendor has provided the ToggleSSH add-on to disable/enable SSH on the device and has released RAIDiator 4.00b2-p2-T1 beta version, which has SSH disabled by default.
http://www.infrant.com/download/addons/ToggleSSH_1.0.bin http://www.infrant.com/beta/raidiator/4.0/RAIDiator-4.00b2-p2-T1
PROVIDED AND/OR DISCOVERED BY: Brian Chapados and Felix Domke
ORIGINAL ADVISORY: Infrant Technologies: http://www.infrant.com/forum/viewtopic.php?t=12313 http://www.infrant.com/forum/viewtopic.php?t=12249
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200708-0254",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "readynas raidiator",
"scope": "eq",
"trust": 1.6,
"vendor": "netgear",
"version": "3.01c1-p6"
},
{
"model": "readynas raidiator",
"scope": "eq",
"trust": 1.6,
"vendor": "netgear",
"version": "3.01c1-p1"
},
{
"model": "readynas raidiator",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "4.00b2-p2-t1 beta"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "readynas raidiator 3.01c1-p6",
"scope": null,
"trust": 0.3,
"vendor": "netgear",
"version": null
},
{
"model": "readynas raidiator 3.01c1-p1",
"scope": null,
"trust": 0.3,
"vendor": "netgear",
"version": null
},
{
"model": "readynas raidiator",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-4989"
},
{
"db": "BID",
"id": "25290"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004281"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-247"
},
{
"db": "NVD",
"id": "CVE-2007-4361"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:netgear:readynas_raidiator",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004281"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Brian Chapados brian@chapados.org Felix Domke tmbinc@elitedvb.net",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200708-247"
}
],
"trust": 0.6
},
"cve": "CVE-2007-4361",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2007-4361",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-27723",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-4361",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2007-4361",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200708-247",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-27723",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27723"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004281"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-247"
},
{
"db": "NVD",
"id": "CVE-2007-4361"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access. ReadyNAS is a direct-attached storage device based on Linux and debian-sparc platforms. \n\n\u00a0ReadyNAS has two users enabled by default, one is admin (the default password is infrant1) and the other is root. Each time it starts, it uses a hard-coded algorithm to generate the root password, which uses the Ethernet MAC address and software version number. And a hash of the shared secret. The root password cannot be changed permanently, so it is reset every time it is started. \n\n\u00a0The ReadyNAS device boots from the built-in flash memory, and the Linux kernel and the initrd image are in this flash memory. At startup, the initrd image will look for the installed hard disk and initialize it. If an uninitialized hard disk is found, it will be added to the RAID array. A part of the hard disk will be used as the root file system. A tarball stored in the flash will initialize it. \n\n\u00a0After loading the rootfs, some consistency checks are performed, and some important configuration files are encrypted and backed up. These files cannot be changed without decryption. \n\n\u00a0At startup, the / linuxrc file in the initrd image is first executed as follows:\n\n\u00a0--------------\n\n\u00a0SEED1 = `/ sysroot / sbin / ifconfig eth0 | grep HWaddr | sed -e \u0027s /.* HWaddr //\u0027\n\n\u00a0--e \u0027s / // g\u0027`\n\n\u00a0SEED2 = `cut -f2 -d = / sysroot / etc / raidiator_version | cut -f1 -d,`\n\n\u00a0[* EDIT *: removed SEED3 as friendly requested by vendor]\n\n\u00a0echo \"root:` echo \\ \"$ SEED1 $ SEED2 $ SEED3 \\\" | md5sum | cut -f1 -d \u0027\u0027 `\" |\n\n\u00a0chpasswd\n\n\u00a0# TAKE ME OUT !!\n\n\u00a0[-s /sysroot/.os_passwd] \u0026\u0026 echo \"root:` / sysroot / usr / bin / head -1\n\n\u00a0/ sysroot / .os_passwd` \"| chpasswd\n\n\u00a0#################\n\n\u00a0/ sysroot / bin / mv / etc / passwd / sysroot / etc / passwd 2\u003e $ ERR\n\n\u00a0rm -rf / sysroot / etc / hosts_equiv /sysroot/root/.rhosts\n\n\u00a0/sysroot/root/.ssh/* 2\u003e $ ERR\n\n\u00a0--------------\n\n\u00a0The password is initialized by md5 and the following components:\n\n\u00a0a.) MAC address obtained from ifconfig\n\n\u00a0b.) Software version number read from / etc / raidiator_version\n\n\u00a0c.) Shared keychain in SEED3\n\n\u00a0Even though the root password varies from device to device (the MAC address is also part of the hash), it is still not secret. First, if the NAS device is in the local LAN, you can query the MAC address through ARP request. Second, the default host name is nas-xx-yy-zz (which can be displayed on the https-based interface), and xx, yy, zz It is the last 3 octal digits of the MAC address; finally, the version of the software can be determined by brute force guessing. \nSuccessfully exploiting this issue allows remote attackers to gain superuser-level access to affected devices. \nThis issue affects devices with firmware versions 3.01c1-p1 and 3.01c1-p6 installed; other versions may also be affected. \n\n----------------------------------------------------------------------\n\nBETA test the new Secunia Personal Software Inspector!\n\nThe Secunia PSI detects installed software on your computer and\ncategorises it as either Insecure, End-of-Life, or Up-To-Date. \nEffectively enabling you to focus your attention on software\ninstallations where more secure versions are available from the\nvendors. \n\nDownload the free PSI BETA from the Secunia website:\nhttps://psi.secunia.com/\n\n----------------------------------------------------------------------\n\nTITLE:\nInfrant ReadyNAS Devices SSH Default Root Password Weakness\n\nSECUNIA ADVISORY ID:\nSA26442\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26442/\n\nCRITICAL:\nNot critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nInfrant ReadyNAS Devices 3.x\nhttp://secunia.com/product/15287/\n\nDESCRIPTION:\nBrian Chapados and Felix Domke have reported a weakness in Infrant\nReadyNAS devices, which can be exploited by malicious people to\nbypass certain security restrictions. \n\nThe problem is that the device includes an SSH daemon that cannot be\ndisabled and that the password for the SSH root account on the device\nis generated using certain device-specific values (e.g. MAC address,\nserial number, version number) and cannot be changed permanently. \n\nThe weakness is reported in ReadyNAS devices with RAIDiator\n3.01c1-p1, 3.01c1-p6. \n\nSOLUTION:\nThe vendor has provided the ToggleSSH add-on to disable/enable SSH on\nthe device and has released RAIDiator 4.00b2-p2-T1 beta version, which\nhas SSH disabled by default. \n\nhttp://www.infrant.com/download/addons/ToggleSSH_1.0.bin\nhttp://www.infrant.com/beta/raidiator/4.0/RAIDiator-4.00b2-p2-T1\n\nPROVIDED AND/OR DISCOVERED BY:\nBrian Chapados and Felix Domke\n\nORIGINAL ADVISORY:\nInfrant Technologies:\nhttp://www.infrant.com/forum/viewtopic.php?t=12313\nhttp://www.infrant.com/forum/viewtopic.php?t=12249\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-4361"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004281"
},
{
"db": "CNVD",
"id": "CNVD-2007-4989"
},
{
"db": "BID",
"id": "25290"
},
{
"db": "VULHUB",
"id": "VHN-27723"
},
{
"db": "PACKETSTORM",
"id": "58544"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-4361",
"trust": 3.4
},
{
"db": "BID",
"id": "25290",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "26442",
"trust": 1.8
},
{
"db": "SREASON",
"id": "3017",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "36357",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004281",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2007-4989",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20070813 DEFAULT ROOT PASSWORD IN INFRANT (NOW NETGEAR) READYNAS \"RAIDIATOR\"",
"trust": 0.6
},
{
"db": "XF",
"id": "36011",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200708-247",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-27723",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "58544",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-4989"
},
{
"db": "VULHUB",
"id": "VHN-27723"
},
{
"db": "BID",
"id": "25290"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004281"
},
{
"db": "PACKETSTORM",
"id": "58544"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-247"
},
{
"db": "NVD",
"id": "CVE-2007-4361"
}
]
},
"id": "VAR-200708-0254",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-27723"
}
],
"trust": 0.7666666999999999
},
"last_update_date": "2025-04-10T23:19:59.783000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.netgear.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004281"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-4361"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www.infrant.com/forum/viewtopic.php?t=12313"
},
{
"trust": 1.8,
"url": "http://www.infrant.com/forum/viewtopic.php?t=12249"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/25290"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/36357"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26442"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/3017"
},
{
"trust": 1.6,
"url": "http://www.infrant.com/forum/viewtopic.php?t=3366\u0026start=30"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/476266/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36011"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4361"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4361"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/476266/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/36011"
},
{
"trust": 0.3,
"url": "http://www.infrant.com/products/products.php"
},
{
"trust": 0.3,
"url": "/archive/1/476266"
},
{
"trust": 0.1,
"url": "http://www.infrant.com/forum/viewtopic.php?t=3366\u0026amp;start=30"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/15287/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.infrant.com/download/addons/togglessh_1.0.bin"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/26442/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://www.infrant.com/beta/raidiator/4.0/raidiator-4.00b2-p2-t1"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27723"
},
{
"db": "BID",
"id": "25290"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004281"
},
{
"db": "PACKETSTORM",
"id": "58544"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-247"
},
{
"db": "NVD",
"id": "CVE-2007-4361"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2007-4989"
},
{
"db": "VULHUB",
"id": "VHN-27723"
},
{
"db": "BID",
"id": "25290"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004281"
},
{
"db": "PACKETSTORM",
"id": "58544"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-247"
},
{
"db": "NVD",
"id": "CVE-2007-4361"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-08-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-4989"
},
{
"date": "2007-08-15T00:00:00",
"db": "VULHUB",
"id": "VHN-27723"
},
{
"date": "2007-08-13T00:00:00",
"db": "BID",
"id": "25290"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-004281"
},
{
"date": "2007-08-14T17:37:33",
"db": "PACKETSTORM",
"id": "58544"
},
{
"date": "2007-08-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200708-247"
},
{
"date": "2007-08-15T19:17:00",
"db": "NVD",
"id": "CVE-2007-4361"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-08-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-4989"
},
{
"date": "2018-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-27723"
},
{
"date": "2015-05-07T17:36:00",
"db": "BID",
"id": "25290"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-004281"
},
{
"date": "2007-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200708-247"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-4361"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200708-247"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NETGEAR ReadyNAS RAIDiator default root user password vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-4989"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-247"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "25290"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-247"
}
],
"trust": 0.9
}
}
VAR-200702-0361
Vulnerability from variot - Updated: 2025-04-10 23:19Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard 2.1.B Build 2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) configpath parameter to (a) tagviewer.php, (b) tag_process.php, and (c) CONFIG/errmsg.inc.php; and (d) addTagmin.php, (e) ban_watch.php, (f) delTagmin.php, (g) delTag.php, (h) editTagmin.php, (i) editTag.php, (j) manageTagmins.php, and (k) verify.php in tagmin/; the (2) adminpath parameter to (l) tagviewer.php, (m) tag_process.php, and (n) tagmin/index.php; and the (3) admin parameter to (o) readconf.php, (p) updateconf.php, (q) updatefilter.php, and (r) wordfilter.php in tagmin/; different vectors than CVE-2006-5249. TagIt! Tagboard Is register_globals When is enabled, PHP A remote file inclusion vulnerability exists. This vulnerability CVE-2006-5249 Is a different vulnerability.By a third party, within the following parameters URL Through any PHP The code may be executed. TagIt! Tagboard 2.1.B Build 2 and earlier versions have vulnerabilities. TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200702-0361",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tagboard",
"scope": "lte",
"trust": 1.0,
"vendor": "tagit",
"version": "2.1.b_build_2"
},
{
"model": "tagboard",
"scope": "lte",
"trust": 0.8,
"vendor": "tagit",
"version": "2.1.b build 2"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "tagboard",
"scope": "eq",
"trust": 0.6,
"vendor": "tagit",
"version": "2.1.b_build_2"
},
{
"model": "tagit2b 2.1.b build",
"scope": "eq",
"trust": 0.3,
"vendor": "tagit",
"version": "2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-0966"
},
{
"db": "BID",
"id": "22518"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005094"
},
{
"db": "CNNVD",
"id": "CNNVD-200702-264"
},
{
"db": "NVD",
"id": "CVE-2007-0900"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:tagit:tagboard",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-005094"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "K-159 is credited with the discovery of these vulnerabilities.",
"sources": [
{
"db": "BID",
"id": "22518"
},
{
"db": "CNNVD",
"id": "CNNVD-200702-264"
}
],
"trust": 0.9
},
"cve": "CVE-2007-0900",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2007-0900",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-0900",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2007-0900",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200702-264",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-005094"
},
{
"db": "CNNVD",
"id": "CNNVD-200702-264"
},
{
"db": "NVD",
"id": "CVE-2007-0900"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard 2.1.B Build 2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) configpath parameter to (a) tagviewer.php, (b) tag_process.php, and (c) CONFIG/errmsg.inc.php; and (d) addTagmin.php, (e) ban_watch.php, (f) delTagmin.php, (g) delTag.php, (h) editTagmin.php, (i) editTag.php, (j) manageTagmins.php, and (k) verify.php in tagmin/; the (2) adminpath parameter to (l) tagviewer.php, (m) tag_process.php, and (n) tagmin/index.php; and the (3) admin parameter to (o) readconf.php, (p) updateconf.php, (q) updatefilter.php, and (r) wordfilter.php in tagmin/; different vectors than CVE-2006-5249. TagIt! Tagboard Is register_globals When is enabled, PHP A remote file inclusion vulnerability exists. This vulnerability CVE-2006-5249 Is a different vulnerability.By a third party, within the following parameters URL Through any PHP The code may be executed. TagIt! Tagboard 2.1.B Build 2 and earlier versions have vulnerabilities. TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. \nExploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0900"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005094"
},
{
"db": "CNVD",
"id": "CNVD-2007-0966"
},
{
"db": "BID",
"id": "22518"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-0900",
"trust": 2.7
},
{
"db": "BID",
"id": "22518",
"trust": 2.5
},
{
"db": "VUPEN",
"id": "ADV-2007-0557",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "34607",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "34603",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "34611",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "34606",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "34609",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "34612",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "34613",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "34617",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "34616",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "34605",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "34604",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "34615",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "34608",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "34614",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "34618",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "34610",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005094",
"trust": 0.8
},
{
"db": "CNCVE",
"id": "CNCVE-20070900",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2007-0966",
"trust": 0.6
},
{
"db": "XF",
"id": "32436",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200702-264",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-0966"
},
{
"db": "BID",
"id": "22518"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005094"
},
{
"db": "CNNVD",
"id": "CNNVD-200702-264"
},
{
"db": "NVD",
"id": "CVE-2007-0900"
}
]
},
"id": "VAR-200702-0361",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-0966"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-0966"
}
]
},
"last_update_date": "2025-04-10T23:19:14.159000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Tagit2b Download",
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/20451/references"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-005094"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0900"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/22518"
},
{
"trust": 1.6,
"url": "http://advisories.echo.or.id/adv/adv65-k-159-2007.txt"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/34618"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/34617"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/34616"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/34615"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/34614"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/34613"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/34612"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/34611"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/34610"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/34609"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/34608"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/34607"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/34606"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/34605"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/34604"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/34603"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32436"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2007/0557"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0900"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0900"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/0557"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/32436"
},
{
"trust": 0.3,
"url": "http://www.deadlysin3.net/tagit2b/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-0966"
},
{
"db": "BID",
"id": "22518"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005094"
},
{
"db": "CNNVD",
"id": "CNNVD-200702-264"
},
{
"db": "NVD",
"id": "CVE-2007-0900"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2007-0966"
},
{
"db": "BID",
"id": "22518"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005094"
},
{
"db": "CNNVD",
"id": "CNNVD-200702-264"
},
{
"db": "NVD",
"id": "CVE-2007-0900"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-02-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-0966"
},
{
"date": "2007-02-12T00:00:00",
"db": "BID",
"id": "22518"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-005094"
},
{
"date": "2007-02-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200702-264"
},
{
"date": "2007-02-13T20:28:00",
"db": "NVD",
"id": "CVE-2007-0900"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-02-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-0966"
},
{
"date": "2015-05-12T19:34:00",
"db": "BID",
"id": "22518"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-005094"
},
{
"date": "2007-02-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200702-264"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-0900"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200702-264"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TagIt! Tagboard In PHP Remote file inclusion vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-005094"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200702-264"
}
],
"trust": 0.6
}
}
VAR-200701-0013
Vulnerability from variot - Updated: 2025-04-10 23:18The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause a denial of service (service crash) via a (1) &CONNECTSERVER& (2) &ADDENTRY& (3) &FIN& (4) &START& (5) &LOGPATH& (6) &FWADELTA& (7) &FWALOG& (8) &SETSYNCHRONOUS& (9) &SETPRGFILE&, or (10) &SETREPLYPORT& string to TCP port 10618, which triggers a NULL pointer dereference. (1) TCP port 10618 To &CONNECTSERVER& String (2) TCP port 10618 To &ADDENTRY& String (3) TCP port 10618 To &FIN& String (4) TCP port 10618 To &START& String (5) TCP port 10618 To &LOGPATH& String (6) TCP port 10618 To &FWADELTA& String (7) TCP port 10618 To &FWALOG& String (8) TCP port 10618 To &SETSYNCHRONOUS& String (9) TCP port 10618 To &SETPRGFILE& String (10) TCP port 10618 To &SETREPLYPORT& String. Test code: http://www.securityfocus.com/data/vulnerabilities/exploits/21994.py Patching plan: The vendor has not released an upgrade patch for the time being, please pay attention to the vendor address in time: http://www.eiqnetworks.com/products/ NetworkSecurityAnalyzer.shtml. A malicious server could cause a vulnerable client application to crash, effectively denying service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200701-0013",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "enterprise security analyzer",
"scope": "eq",
"trust": 1.9,
"vendor": "eiqnetworks",
"version": "2.5"
},
{
"model": "enterprise security analyzer",
"scope": "eq",
"trust": 1.9,
"vendor": "eiqnetworks",
"version": "2.1"
},
{
"model": "enterprise security analyzer",
"scope": "eq",
"trust": 1.9,
"vendor": "eiqnetworks",
"version": "2.0"
},
{
"model": "enterprise security analyzer",
"scope": null,
"trust": 0.8,
"vendor": "eiqnetworks",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-0176"
},
{
"db": "BID",
"id": "21994"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001379"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-170"
},
{
"db": "NVD",
"id": "CVE-2007-0228"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:eiqnetworks:enterprise_security_analyzer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001379"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ethan Hunt is credited with the discovery of this vulnerability.",
"sources": [
{
"db": "BID",
"id": "21994"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-170"
}
],
"trust": 0.9
},
"cve": "CVE-2007-0228",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2007-0228",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-0228",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2007-0228",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200701-170",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001379"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-170"
},
{
"db": "NVD",
"id": "CVE-2007-0228"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause a denial of service (service crash) via a (1) \u0026CONNECTSERVER\u0026 (2) \u0026ADDENTRY\u0026 (3) \u0026FIN\u0026 (4) \u0026START\u0026 (5) \u0026LOGPATH\u0026 (6) \u0026FWADELTA\u0026 (7) \u0026FWALOG\u0026 (8) \u0026SETSYNCHRONOUS\u0026 (9) \u0026SETPRGFILE\u0026, or (10) \u0026SETREPLYPORT\u0026 string to TCP port 10618, which triggers a NULL pointer dereference. (1) TCP port 10618 To \u0026CONNECTSERVER\u0026 String (2) TCP port 10618 To \u0026ADDENTRY\u0026 String (3) TCP port 10618 To \u0026FIN\u0026 String (4) TCP port 10618 To \u0026START\u0026 String (5) TCP port 10618 To \u0026LOGPATH\u0026 String (6) TCP port 10618 To \u0026FWADELTA\u0026 String (7) TCP port 10618 To \u0026FWALOG\u0026 String (8) TCP port 10618 To \u0026SETSYNCHRONOUS\u0026 String (9) TCP port 10618 To \u0026SETPRGFILE\u0026 String (10) TCP port 10618 To \u0026SETREPLYPORT\u0026 String. Test code: http://www.securityfocus.com/data/vulnerabilities/exploits/21994.py Patching plan: The vendor has not released an upgrade patch for the time being, please pay attention to the vendor address in time: http://www.eiqnetworks.com/products/ NetworkSecurityAnalyzer.shtml. \nA malicious server could cause a vulnerable client application to crash, effectively denying service",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0228"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001379"
},
{
"db": "CNVD",
"id": "CNVD-2007-0176"
},
{
"db": "BID",
"id": "21994"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "21994",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2007-0228",
"trust": 2.4
},
{
"db": "SECUNIA",
"id": "23693",
"trust": 2.2
},
{
"db": "OSVDB",
"id": "32725",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2007-0147",
"trust": 1.6
},
{
"db": "XF",
"id": "31428",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001379",
"trust": 0.8
},
{
"db": "CNCVE",
"id": "CNCVE-20070228",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2007-0176",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20070110 EIQ NETWORKS NETWORK SECURITY ANALYZER DOS VULNERABILITY",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200701-170",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-0176"
},
{
"db": "BID",
"id": "21994"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001379"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-170"
},
{
"db": "NVD",
"id": "CVE-2007-0228"
}
]
},
"id": "VAR-200701-0013",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-0176"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-0176"
}
]
},
"last_update_date": "2025-04-10T23:18:16.664000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.eiqnetworks.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001379"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0228"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0209.html"
},
{
"trust": 2.2,
"url": "http://secunia.com/advisories/23693"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/21994"
},
{
"trust": 1.6,
"url": "http://osvdb.org/32725"
},
{
"trust": 1.2,
"url": "http://www.frsirt.com/english/advisories/2007/0147"
},
{
"trust": 1.2,
"url": "http://xforce.iss.net/xforce/xfdb/31428"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2007/0147"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31428"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0228"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0228"
},
{
"trust": 0.3,
"url": "http://www.eiqnetworks.com/products/networksecurityanalyzer.shtml"
},
{
"trust": 0.3,
"url": "msg://bugtraq/20070110221244.e29e9b0fef@ws4-4.us4.outblaze.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-0176"
},
{
"db": "BID",
"id": "21994"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001379"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-170"
},
{
"db": "NVD",
"id": "CVE-2007-0228"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2007-0176"
},
{
"db": "BID",
"id": "21994"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001379"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-170"
},
{
"db": "NVD",
"id": "CVE-2007-0228"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-0176"
},
{
"date": "2007-01-10T00:00:00",
"db": "BID",
"id": "21994"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001379"
},
{
"date": "2007-01-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200701-170"
},
{
"date": "2007-01-13T02:28:00",
"db": "NVD",
"id": "CVE-2007-0228"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-0176"
},
{
"date": "2007-01-11T00:40:00",
"db": "BID",
"id": "21994"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001379"
},
{
"date": "2007-01-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200701-170"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-0228"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200701-170"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "EIQ Networks Network Security Analyzer Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001379"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200701-170"
}
],
"trust": 0.6
}
}
VAR-200702-0413
Vulnerability from variot - Updated: 2025-04-10 23:18PHP remote file inclusion vulnerability in index.php in Christian Schneider CS-Gallery 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the album parameter during a securealbum todo action. CS-Gallery is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible. CS-Gallery 2.0 is vulnerable; other versions may also be affected.
Secunia is proud to announce the availability of the Secunia Software Inspector.
The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor.
Try it out online: http://secunia.com/software_inspector/
TITLE: CS-Gallery "album" File Inclusion Vulnerability
SECUNIA ADVISORY ID: SA24291
VERIFY ADVISORY: http://secunia.com/advisories/24291/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: CS-Gallery 2.x http://secunia.com/product/13564/
DESCRIPTION: burncycle has discovered a vulnerability in CS-Gallery, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "album" parameter in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.
Successful exploitation requires that "register_globals" is enabled and that the "todo" parameter is set to "securealbum".
The vulnerability is confirmed in version 2.0.
SOLUTION: Edit the source code to ensure that input is properly verified.
PROVIDED AND/OR DISCOVERED BY: burncycle
ORIGINAL ADVISORY: http://www.milw0rm.com/exploits/3372
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200702-0413",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cs-gallery",
"scope": "lte",
"trust": 1.8,
"vendor": "cs gallery",
"version": "2.0"
},
{
"model": "cs-gallery",
"scope": "eq",
"trust": 0.9,
"vendor": "cs gallery",
"version": "2.0"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-1295"
},
{
"db": "BID",
"id": "22712"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001613"
},
{
"db": "CNNVD",
"id": "CNNVD-200702-501"
},
{
"db": "NVD",
"id": "CVE-2007-1108"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cs-gallery:cs-gallery",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001613"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "burncycle",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200702-501"
}
],
"trust": 0.6
},
"cve": "CVE-2007-1108",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2007-1108",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-1108",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2007-1108",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200702-501",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001613"
},
{
"db": "CNNVD",
"id": "CNNVD-200702-501"
},
{
"db": "NVD",
"id": "CVE-2007-1108"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PHP remote file inclusion vulnerability in index.php in Christian Schneider CS-Gallery 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the album parameter during a securealbum todo action. CS-Gallery is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. \nExploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible. \nCS-Gallery 2.0 is vulnerable; other versions may also be affected. \n\n----------------------------------------------------------------------\n\nSecunia is proud to announce the availability of the Secunia Software\nInspector. \n\nThe Secunia Software Inspector is a free service that detects insecure\nversions of software that you may have installed in your system. When\ninsecure versions are detected, the Secunia Software Inspector also\nprovides thorough guidelines for updating the software to the latest\nsecure version from the vendor. \n\nTry it out online:\nhttp://secunia.com/software_inspector/\n\n----------------------------------------------------------------------\n\nTITLE:\nCS-Gallery \"album\" File Inclusion Vulnerability\n\nSECUNIA ADVISORY ID:\nSA24291\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/24291/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nCS-Gallery 2.x\nhttp://secunia.com/product/13564/\n\nDESCRIPTION:\nburncycle has discovered a vulnerability in CS-Gallery, which can be\nexploited by malicious people to compromise a vulnerable system. \n\nInput passed to the \"album\" parameter in index.php is not properly\nverified before being used to include files. This can be exploited to\ninclude arbitrary files from local or external resources. \n\nSuccessful exploitation requires that \"register_globals\" is enabled\nand that the \"todo\" parameter is set to \"securealbum\". \n\nThe vulnerability is confirmed in version 2.0. \n\nSOLUTION:\nEdit the source code to ensure that input is properly verified. \n\nPROVIDED AND/OR DISCOVERED BY:\nburncycle\n\nORIGINAL ADVISORY:\nhttp://www.milw0rm.com/exploits/3372\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-1108"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001613"
},
{
"db": "CNVD",
"id": "CNVD-2007-1295"
},
{
"db": "BID",
"id": "22712"
},
{
"db": "PACKETSTORM",
"id": "54683"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-1108",
"trust": 2.7
},
{
"db": "BID",
"id": "22712",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "24291",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "3372",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-0734",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "33754",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001613",
"trust": 0.8
},
{
"db": "CNCVE",
"id": "CNCVE-20071108",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2007-1295",
"trust": 0.6
},
{
"db": "XF",
"id": "32674",
"trust": 0.6
},
{
"db": "MILW0RM",
"id": "3372",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200702-501",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "54683",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-1295"
},
{
"db": "BID",
"id": "22712"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001613"
},
{
"db": "PACKETSTORM",
"id": "54683"
},
{
"db": "CNNVD",
"id": "CNNVD-200702-501"
},
{
"db": "NVD",
"id": "CVE-2007-1108"
}
]
},
"id": "VAR-200702-0413",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-1295"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-1295"
}
]
},
"last_update_date": "2025-04-10T23:18:15.338000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-1108"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/22712"
},
{
"trust": 1.6,
"url": "http://osvdb.org/33754"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/24291"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32674"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2007/0734"
},
{
"trust": 1.0,
"url": "https://www.exploit-db.com/exploits/3372"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1108"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1108"
},
{
"trust": 0.7,
"url": "http://www.milw0rm.com/exploits/3372"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/32674"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/0734"
},
{
"trust": 0.3,
"url": "http://www.cschneider.de"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/24291/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/software_inspector/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13564/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-1295"
},
{
"db": "BID",
"id": "22712"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001613"
},
{
"db": "PACKETSTORM",
"id": "54683"
},
{
"db": "CNNVD",
"id": "CNNVD-200702-501"
},
{
"db": "NVD",
"id": "CVE-2007-1108"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2007-1295"
},
{
"db": "BID",
"id": "22712"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001613"
},
{
"db": "PACKETSTORM",
"id": "54683"
},
{
"db": "CNNVD",
"id": "CNNVD-200702-501"
},
{
"db": "NVD",
"id": "CVE-2007-1108"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-02-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-1295"
},
{
"date": "2007-02-24T00:00:00",
"db": "BID",
"id": "22712"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001613"
},
{
"date": "2007-02-27T16:54:22",
"db": "PACKETSTORM",
"id": "54683"
},
{
"date": "2007-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200702-501"
},
{
"date": "2007-02-26T17:28:00",
"db": "NVD",
"id": "CVE-2007-1108"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-02-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-1295"
},
{
"date": "2015-05-12T19:34:00",
"db": "BID",
"id": "22712"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001613"
},
{
"date": "2007-02-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200702-501"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-1108"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200702-501"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Christian Schneider CS-Gallery of index.php In PHP Remote file inclusion vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001613"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200702-501"
}
],
"trust": 0.6
}
}
VAR-200611-0485
Vulnerability from variot - Updated: 2025-04-10 23:16Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for NetGear MA521 PCMCIA adapter allows remote attackers to execute arbitrary code via (1) beacon or (2) probe 802.11 frame responses with an long supported rates information element. NOTE: this issue was reported as a "memory corruption" error, but the associated exploit code suggests that it is a buffer overflow. A buffer overflow vulnerability exists in the Netgear MA521nd5.SYS wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition. NetGear MA521 is an 802.11b wireless PC network card.
If a malformed frame (beacon or probe response) is received in the active scan mode, the MA521nd5.SYS driver of the MA521 will attempt to write to a memory location controlled by the attacker. Failed attempts will likely crash the kernel, resulting in denial-of-service conditions. Note that this vulnerability can be exploited only when an attacker is within the range of broadcast of 802.11 wireless connections. Version 5.148.724.2003 of the MA521nd5.SYS driver is vulnerable to this issue; other versions may also be affected.
To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German.
The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios.
This includes: * Reason for rating * Extended description * Extended solution * Exploit code or links to exploit code * Deep links
Read the full description: http://corporate.secunia.com/products/48/?r=l
Contact Secunia Sales for more information: http://corporate.secunia.com/how_to_buy/15/?r=l
TITLE: NetGear MA521 Wireless Driver Long Rates Memory Corruption
SECUNIA ADVISORY ID: SA23036
VERIFY ADVISORY: http://secunia.com/advisories/23036/
CRITICAL: Moderately critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: NetGear MA521 802.11b Wireless PC Card 5.x http://secunia.com/product/12673/
DESCRIPTION: Laurent Butti has reported a vulnerability in NetGear MA521 Wireless driver, which can be exploited by malicious people to compromise a vulnerable system. This can be exploited to cause a memory corruption via a specially crafted packet when the driver is running in active scanning mode.
The vulnerability is reported in version 5.148.724.2003.
SOLUTION: Turn off the wireless card when not in use.
PROVIDED AND/OR DISCOVERED BY: Laurent Butti
ORIGINAL ADVISORY: http://projects.info-pull.com/mokb/MOKB-18-11-2006.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200611-0485",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ma521 driver",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "5.148.724.2003"
},
{
"model": "ma521 driver",
"scope": "eq",
"trust": 0.8,
"vendor": "net gear",
"version": "5.148.724.2003"
},
{
"model": "ma521 driver",
"scope": "eq",
"trust": 0.7,
"vendor": "netgear",
"version": "5.148.724.2003"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "ma521nd5.sys driver",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "5.148.7242003"
},
{
"model": "ma521 wireless adapter",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-8551"
},
{
"db": "VULMON",
"id": "CVE-2006-6059"
},
{
"db": "BID",
"id": "21175"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002443"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-325"
},
{
"db": "NVD",
"id": "CVE-2006-6059"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:netgear:ma521_driver",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002443"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Laurent Butti laurent.butti@orange-ftgroup.comH D Moore hdm@metasploit.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200611-325"
}
],
"trust": 0.6
},
"cve": "CVE-2006-6059",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2006-6059",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-22167",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-6059",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#395496",
"trust": 0.8,
"value": "3.99"
},
{
"author": "NVD",
"id": "CVE-2006-6059",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200611-325",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-22167",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2006-6059",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#395496"
},
{
"db": "VULHUB",
"id": "VHN-22167"
},
{
"db": "VULMON",
"id": "CVE-2006-6059"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002443"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-325"
},
{
"db": "NVD",
"id": "CVE-2006-6059"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for NetGear MA521 PCMCIA adapter allows remote attackers to execute arbitrary code via (1) beacon or (2) probe 802.11 frame responses with an long supported rates information element. NOTE: this issue was reported as a \"memory corruption\" error, but the associated exploit code suggests that it is a buffer overflow. A buffer overflow vulnerability exists in the Netgear MA521nd5.SYS wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition. NetGear MA521 is an 802.11b wireless PC network card. \n\n\u00a0If a malformed frame (beacon or probe response) is received in the active scan mode, the MA521nd5.SYS driver of the MA521 will attempt to write to a memory location controlled by the attacker. Failed attempts will likely crash the kernel, resulting in denial-of-service conditions. \nNote that this vulnerability can be exploited only when an attacker is within the range of broadcast of 802.11 wireless connections. \nVersion 5.148.724.2003 of the MA521nd5.SYS driver is vulnerable to this issue; other versions may also be affected. \n\n----------------------------------------------------------------------\n\nTo improve our services to our customers, we have made a number of\nadditions to the Secunia Advisories and have started translating the\nadvisories to German. \n\nThe improvements will help our customers to get a better\nunderstanding of how we reached our conclusions, how it was rated,\nour thoughts on exploitation, attack vectors, and scenarios. \n\nThis includes:\n* Reason for rating\n* Extended description\n* Extended solution\n* Exploit code or links to exploit code\n* Deep links\n\nRead the full description:\nhttp://corporate.secunia.com/products/48/?r=l\n\nContact Secunia Sales for more information:\nhttp://corporate.secunia.com/how_to_buy/15/?r=l\n\n----------------------------------------------------------------------\n\nTITLE:\nNetGear MA521 Wireless Driver Long Rates Memory Corruption\n\nSECUNIA ADVISORY ID:\nSA23036\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/23036/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nNetGear MA521 802.11b Wireless PC Card 5.x\nhttp://secunia.com/product/12673/\n\nDESCRIPTION:\nLaurent Butti has reported a vulnerability in NetGear MA521 Wireless\ndriver, which can be exploited by malicious people to compromise a\nvulnerable system. This can\nbe exploited to cause a memory corruption via a specially crafted\npacket when the driver is running in active scanning mode. \n\nThe vulnerability is reported in version 5.148.724.2003. \n\nSOLUTION:\nTurn off the wireless card when not in use. \n\nPROVIDED AND/OR DISCOVERED BY:\nLaurent Butti\n\nORIGINAL ADVISORY:\nhttp://projects.info-pull.com/mokb/MOKB-18-11-2006.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-6059"
},
{
"db": "CERT/CC",
"id": "VU#395496"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002443"
},
{
"db": "CNVD",
"id": "CNVD-2006-8551"
},
{
"db": "BID",
"id": "21175"
},
{
"db": "VULHUB",
"id": "VHN-22167"
},
{
"db": "VULMON",
"id": "CVE-2006-6059"
},
{
"db": "PACKETSTORM",
"id": "52316"
}
],
"trust": 3.42
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-22167",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=29096",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-22167"
},
{
"db": "VULMON",
"id": "CVE-2006-6059"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#395496",
"trust": 3.7
},
{
"db": "NVD",
"id": "CVE-2006-6059",
"trust": 3.5
},
{
"db": "SECUNIA",
"id": "23036",
"trust": 2.7
},
{
"db": "BID",
"id": "21175",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1017254",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2006-4604",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002443",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2006-8551",
"trust": 0.6
},
{
"db": "XF",
"id": "30442",
"trust": 0.6
},
{
"db": "XF",
"id": "521",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200611-325",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "29096",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-82632",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-22167",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2006-6059",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "52316",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#395496"
},
{
"db": "CNVD",
"id": "CNVD-2006-8551"
},
{
"db": "VULHUB",
"id": "VHN-22167"
},
{
"db": "VULMON",
"id": "CVE-2006-6059"
},
{
"db": "BID",
"id": "21175"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002443"
},
{
"db": "PACKETSTORM",
"id": "52316"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-325"
},
{
"db": "NVD",
"id": "CVE-2006-6059"
}
]
},
"id": "VAR-200611-0485",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-22167"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T23:16:59.618000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.netgear.com/"
},
{
"title": "wifuzzit",
"trust": 0.1,
"url": "https://github.com/0xd012/wifuzzit "
},
{
"title": "wifuzzit",
"trust": 0.1,
"url": "https://github.com/flowerhack/wifuzzit "
},
{
"title": "wifuzzit",
"trust": 0.1,
"url": "https://github.com/84KaliPleXon3/wifuzzit "
},
{
"title": "wifuzzit",
"trust": 0.1,
"url": "https://github.com/PleXone2019/wifuzzit "
},
{
"title": "wifuzzit",
"trust": 0.1,
"url": "https://github.com/wi-fi-analyzer/wifuzzit "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2006-6059"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002443"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-6059"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.kb.cert.org/vuls/id/395496"
},
{
"trust": 2.7,
"url": "http://projects.info-pull.com/mokb/mokb-18-11-2006.html"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/21175"
},
{
"trust": 1.8,
"url": "http://securitytracker.com/id?1017254"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/23036"
},
{
"trust": 1.2,
"url": "http://www.vupen.com/english/advisories/2006/4604"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30442"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/23036/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6059"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6059"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/4604"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/30442"
},
{
"trust": 0.3,
"url": "http://www.netgear.com/products/adapters/bwirelessadapters/ma521.aspx"
},
{
"trust": 0.3,
"url": "http://kernelfun.blogspot.com/2006/11/mokb-18-11-2006-netgear-ma521-wireless.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/29096/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/products/48/?r=l"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/how_to_buy/15/?r=l"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/12673/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#395496"
},
{
"db": "VULHUB",
"id": "VHN-22167"
},
{
"db": "VULMON",
"id": "CVE-2006-6059"
},
{
"db": "BID",
"id": "21175"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002443"
},
{
"db": "PACKETSTORM",
"id": "52316"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-325"
},
{
"db": "NVD",
"id": "CVE-2006-6059"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#395496"
},
{
"db": "CNVD",
"id": "CNVD-2006-8551"
},
{
"db": "VULHUB",
"id": "VHN-22167"
},
{
"db": "VULMON",
"id": "CVE-2006-6059"
},
{
"db": "BID",
"id": "21175"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002443"
},
{
"db": "PACKETSTORM",
"id": "52316"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-325"
},
{
"db": "NVD",
"id": "CVE-2006-6059"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-11-20T00:00:00",
"db": "CERT/CC",
"id": "VU#395496"
},
{
"date": "2006-11-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-8551"
},
{
"date": "2006-11-22T00:00:00",
"db": "VULHUB",
"id": "VHN-22167"
},
{
"date": "2006-11-22T00:00:00",
"db": "VULMON",
"id": "CVE-2006-6059"
},
{
"date": "2006-11-18T00:00:00",
"db": "BID",
"id": "21175"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002443"
},
{
"date": "2006-11-20T16:05:00",
"db": "PACKETSTORM",
"id": "52316"
},
{
"date": "2006-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200611-325"
},
{
"date": "2006-11-22T01:07:00",
"db": "NVD",
"id": "CVE-2006-6059"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-11-20T00:00:00",
"db": "CERT/CC",
"id": "VU#395496"
},
{
"date": "2006-11-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-8551"
},
{
"date": "2017-07-20T00:00:00",
"db": "VULHUB",
"id": "VHN-22167"
},
{
"date": "2017-07-20T00:00:00",
"db": "VULMON",
"id": "CVE-2006-6059"
},
{
"date": "2016-07-06T13:33:00",
"db": "BID",
"id": "21175"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002443"
},
{
"date": "2006-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200611-325"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2006-6059"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200611-325"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NetGear wireless driver fails to properly process certain 802.11 management frames",
"sources": [
{
"db": "CERT/CC",
"id": "VU#395496"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200611-325"
}
],
"trust": 0.6
}
}
VAR-200801-0249
Vulnerability from variot - Updated: 2025-04-10 23:16Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SCADA system 7.0 before 7.0 SIM 9, and earlier versions before 6.1 SP6 Hot fix - 010708_162517_6106, allow remote attackers to execute arbitrary code via unknown vectors. GE Fanuc CIMPLICITY HMI Contains a heap buffer overflow vulnerability. GE Fanuc CIMPLICITY HMI Is a product used for monitoring and controlling production information systems. this CIMPLICITY Network service processes (w32rtr.exe) Contains a heap buffer overflow vulnerability on both the server and the client. Attackers have this vulnerability CIMPLICITY HMI This vulnerability could be exploited by sending crafted packets to the system.Arbitrary code execution or denial of service by a remote attacker (DoS) There is a possibility of being attacked.
GE Fanuc CIMPLICITY has a vulnerability in processing malformed requests. Remote attackers could use this vulnerability to control servers. An attacker can exploit this issue to execute arbitrary code or cause denial-of-service conditions. Versions prior to CIMPLICITY 7.0 SIM 9 are vulnerable.
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.
Download and test it today: https://psi.secunia.com/
Read more about this new version: https://psi.secunia.com/?page=changelog
TITLE: Proficy HMI/SCADA - CIMPLICITY w32rtr.exe Packet Processing Buffer Overflow
SECUNIA ADVISORY ID: SA28663
VERIFY ADVISORY: http://secunia.com/advisories/28663/
CRITICAL: Moderately critical
IMPACT: DoS, System access
WHERE:
From local network
SOFTWARE: Proficy HMI/SCADA - CIMPLICITY 6.x http://secunia.com/product/11105/ Proficy HMI/SCADA - CIMPLICITY 7.x http://secunia.com/product/17337/
DESCRIPTION: Eyal Udassin has reported a vulnerability in Proficy HMI/SCADA - CIMPLICITY, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
The vulnerability is caused due to a boundary error in w32rtr.exe when processing packets and can be exploited to cause a heap-based buffer overflow by sending a specially-crafted packet to default port 32000/TCP.
The vulnerability is reported in version 6.1.
SOLUTION: Apply hotfixes. Please see the vendor's advisory for details.
- CIMPLICITY 6.1 SP6 Hot Fix - 010708_162517_6106
- CIMPLICITY 7.0 SIM 9
PROVIDED AND/OR DISCOVERED BY: Eyal Udassin, C4 Security
ORIGINAL ADVISORY: GE Fanuc (KB12458): http://support.gefanuc.com/support/index?page=kbchannel&id=KB12458
C4 Security (via BugTraq): http://archives.neohapsis.com/archives/bugtraq/2008-01/0372.html
OTHER REFERENCES: US-CERT VU#308556: http://www.kb.cert.org/vuls/id/308556
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. Background
Vendor product information: CIMPLICITY is a powerful and technically advanced HMI/SCADA product. With its open system design approach, true client/server architecture, and the latest web technologies, CIMPLICITY allows you to realize the benefits of digitization for the collection, monitoring, supervisory control and sharing of critical process and production data throughout your operations CIMPLICITY has been used in all industries -- from process to discrete, to system monitoring. It is extremely well suited for discrete applications, and handles very large amounts of digital signals and alarm bursts. Its advanced Client/Sever architecture makes it easy to start small and expand your system. The description of the vulnerability is intentionally limited as this software controls critical national infrastructure.
Impact
An attacker can compromise the Cimplicity 6.1 control server, and each of the operator workstations.
Workaround/Fix
The vendor issued a hotfix to resolve this vulnerability
Additional Information
For additional information please contact us at info@c4-security.com. Note that we will respond only to verified utility personnel and governmental agencies. The CVE identifier assigned to this vulnerability by CERT is CVE-2008-0176
Credit
This vulnerability was discovered and exploited by Gilad Bakas and Eyal Udassin of C4.
Regards,
Eyal Udassin - C4 (Formerly Swift Coders) 33 Jabotinsky St. The Twin Towers #1, Ramat Gan, Israel eyal.udassin@c4-security.com / www.c4-security.com http://www.c4-security.com/ +972-547-684989
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200801-0249",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cimplicity",
"scope": "lte",
"trust": 1.0,
"vendor": "ge fanuc",
"version": "7.0_sim8"
},
{
"model": "cimplicity",
"scope": "lte",
"trust": 1.0,
"vendor": "ge fanuc",
"version": "6.1_sp6_hf_010708_162517_6106"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "cimplicity",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ge fanuc",
"version": null
},
{
"model": "cimplicity",
"scope": "lte",
"trust": 0.8,
"vendor": "ge fanuc",
"version": "7.0"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "cimplicity",
"scope": "eq",
"trust": 0.6,
"vendor": "ge fanuc",
"version": "6.1_sp6_hf_010708_162517_6106"
},
{
"model": "cimplicity",
"scope": "eq",
"trust": 0.6,
"vendor": "ge fanuc",
"version": "7.0_sim8"
},
{
"model": "fanuc cimplicity sim8",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "7.0"
},
{
"model": "fanuc cimplicity sim7",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "7.0"
},
{
"model": "fanuc cimplicity sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "6.1"
},
{
"model": "fanuc cimplicity sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "6.1"
},
{
"model": "fanuc cimplicity",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "6.1"
},
{
"model": "fanuc cimplicity",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "6.0"
},
{
"model": "fanuc cimplicity",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "0"
},
{
"model": "fanuc cimplicity sim9",
"scope": "ne",
"trust": 0.3,
"vendor": "ge",
"version": "7.0"
}
],
"sources": [
{
"db": "IVD",
"id": "067d2766-2352-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7ae201-463f-11e9-819f-000c29342cb1"
},
{
"db": "CERT/CC",
"id": "VU#308556"
},
{
"db": "CNVD",
"id": "CNVD-2008-0434"
},
{
"db": "BID",
"id": "27447"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001054"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-410"
},
{
"db": "NVD",
"id": "CVE-2008-0176"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ge_fanuc:cimplicity",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001054"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Douglas A. Stewart of CERT as well as Gilad Bakas and Eyal Udassin of C4 are credited with the discovery of this vulnerability.",
"sources": [
{
"db": "BID",
"id": "27447"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-410"
}
],
"trust": 0.9
},
"cve": "CVE-2008-0176",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2008-0176",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "067d2766-2352-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "7d7ae201-463f-11e9-819f-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-0176",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#308556",
"trust": 0.8,
"value": "3.01"
},
{
"author": "NVD",
"id": "CVE-2008-0176",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200801-410",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "067d2766-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7d7ae201-463f-11e9-819f-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "067d2766-2352-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7ae201-463f-11e9-819f-000c29342cb1"
},
{
"db": "CERT/CC",
"id": "VU#308556"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001054"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-410"
},
{
"db": "NVD",
"id": "CVE-2008-0176"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SCADA system 7.0 before 7.0 SIM 9, and earlier versions before 6.1 SP6 Hot fix - 010708_162517_6106, allow remote attackers to execute arbitrary code via unknown vectors. GE Fanuc CIMPLICITY HMI Contains a heap buffer overflow vulnerability. GE Fanuc CIMPLICITY HMI Is a product used for monitoring and controlling production information systems. this CIMPLICITY Network service processes (w32rtr.exe) Contains a heap buffer overflow vulnerability on both the server and the client. Attackers have this vulnerability CIMPLICITY HMI This vulnerability could be exploited by sending crafted packets to the system.Arbitrary code execution or denial of service by a remote attacker (DoS) There is a possibility of being attacked. \n\n\u00a0GE Fanuc CIMPLICITY has a vulnerability in processing malformed requests. Remote attackers could use this vulnerability to control servers. \nAn attacker can exploit this issue to execute arbitrary code or cause denial-of-service conditions. \nVersions prior to CIMPLICITY 7.0 SIM 9 are vulnerable. \n\n----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nProficy HMI/SCADA - CIMPLICITY w32rtr.exe Packet Processing Buffer\nOverflow\n\nSECUNIA ADVISORY ID:\nSA28663\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/28663/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS, System access\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nProficy HMI/SCADA - CIMPLICITY 6.x\nhttp://secunia.com/product/11105/\nProficy HMI/SCADA - CIMPLICITY 7.x\nhttp://secunia.com/product/17337/\n\nDESCRIPTION:\nEyal Udassin has reported a vulnerability in Proficy HMI/SCADA -\nCIMPLICITY, which can be exploited by malicious people to cause a DoS\n(Denial of Service) or compromise a vulnerable system. \n\nThe vulnerability is caused due to a boundary error in w32rtr.exe\nwhen processing packets and can be exploited to cause a heap-based\nbuffer overflow by sending a specially-crafted packet to default port\n32000/TCP. \n\nThe vulnerability is reported in version 6.1. \n\nSOLUTION:\nApply hotfixes. Please see the vendor\u0027s advisory for details. \n\n* CIMPLICITY 6.1 SP6 Hot Fix - 010708_162517_6106\n* CIMPLICITY 7.0 SIM 9\n\nPROVIDED AND/OR DISCOVERED BY:\nEyal Udassin, C4 Security\n\nORIGINAL ADVISORY:\nGE Fanuc (KB12458):\nhttp://support.gefanuc.com/support/index?page=kbchannel\u0026id=KB12458\n\nC4 Security (via BugTraq):\nhttp://archives.neohapsis.com/archives/bugtraq/2008-01/0372.html\n\nOTHER REFERENCES:\nUS-CERT VU#308556:\nhttp://www.kb.cert.org/vuls/id/308556\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. Background\n-----------------\nVendor product information:\nCIMPLICITY is a powerful and technically advanced HMI/SCADA product. With\nits open system design approach, true client/server architecture, and the\nlatest web technologies, CIMPLICITY allows you to realize the benefits of\ndigitization for the collection, monitoring, supervisory control and sharing\nof critical process and production data throughout your operations\nCIMPLICITY has been used in all industries -- from process to discrete, to\nsystem monitoring. It is extremely well suited for discrete applications,\nand handles very large amounts of digital signals and alarm bursts. Its\nadvanced Client/Sever architecture makes it easy to start small and expand\nyour system. \nThe description of the vulnerability is intentionally limited as this\nsoftware controls critical national infrastructure. \n \nImpact\n----------\nAn attacker can compromise the Cimplicity 6.1 control server, and each of\nthe operator workstations. \n \nWorkaround/Fix\n-----------------------\nThe vendor issued a hotfix to resolve this vulnerability \n \nAdditional Information\n-------------------------------\nFor additional information please contact us at info@c4-security.com. Note\nthat we will respond only to verified utility personnel and governmental\nagencies. \nThe CVE identifier assigned to this vulnerability by CERT is CVE-2008-0176\n \nCredit\n--------\nThis vulnerability was discovered and exploited by Gilad Bakas and Eyal\nUdassin of C4. \n \nRegards,\n \nEyal Udassin - C4 (Formerly Swift Coders)\n33 Jabotinsky St. The Twin Towers #1, Ramat Gan, Israel\neyal.udassin@c4-security.com / www.c4-security.com\n\u003chttp://www.c4-security.com/\u003e \n+972-547-684989\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-0176"
},
{
"db": "CERT/CC",
"id": "VU#308556"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001054"
},
{
"db": "CNVD",
"id": "CNVD-2008-0434"
},
{
"db": "BID",
"id": "27447"
},
{
"db": "IVD",
"id": "067d2766-2352-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7ae201-463f-11e9-819f-000c29342cb1"
},
{
"db": "PACKETSTORM",
"id": "63057"
},
{
"db": "PACKETSTORM",
"id": "63004"
}
],
"trust": 3.69
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-0176",
"trust": 3.8
},
{
"db": "CERT/CC",
"id": "VU#308556",
"trust": 3.0
},
{
"db": "BID",
"id": "27447",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "28663",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1019275",
"trust": 2.4
},
{
"db": "VUPEN",
"id": "ADV-2008-0306",
"trust": 1.6
},
{
"db": "SREASON",
"id": "3592",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2008-0434",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-200801-410",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001054",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20080125 C4 SECURITY ADVISORY - GE FANUC CIMPLICITY 6.1 HEAP OVERFLOW",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080129 RE: C4 SECURITY ADVISORY - GE FANUC CIMPLICITY 6.1 HEAP OVERFLOW",
"trust": 0.6
},
{
"db": "IVD",
"id": "067D2766-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D7AE201-463F-11E9-819F-000C29342CB1",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "63057",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "63004",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "067d2766-2352-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7ae201-463f-11e9-819f-000c29342cb1"
},
{
"db": "CERT/CC",
"id": "VU#308556"
},
{
"db": "CNVD",
"id": "CNVD-2008-0434"
},
{
"db": "BID",
"id": "27447"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001054"
},
{
"db": "PACKETSTORM",
"id": "63057"
},
{
"db": "PACKETSTORM",
"id": "63004"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-410"
},
{
"db": "NVD",
"id": "CVE-2008-0176"
}
]
},
"id": "VAR-200801-0249",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "067d2766-2352-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7ae201-463f-11e9-819f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2008-0434"
}
],
"trust": 0.1
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "067d2766-2352-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7ae201-463f-11e9-819f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2008-0434"
}
]
},
"last_update_date": "2025-04-10T23:16:41.721000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Securing Your HMI/SCADA Systems",
"trust": 0.8,
"url": "http://www.gefanuc.com/as_en/gefanuc/resource_center/hmi_scada/hmiscada_security.html"
},
{
"title": "KB12458",
"trust": 0.8,
"url": "http://support.gefanuc.com/support/index?page=kbchannel\u0026id=KB12458"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001054"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001054"
},
{
"db": "NVD",
"id": "CVE-2008-0176"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://support.gefanuc.com/support/index?page=kbchannel\u0026id=kb12458"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/28663"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/27447"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1019275"
},
{
"trust": 2.2,
"url": "http://www.kb.cert.org/vuls/id/308556"
},
{
"trust": 1.6,
"url": "http://securityreason.com/securityalert/3592"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2008/0306"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2008/0306"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/487076/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/487241/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/archive/1/487076/30/0/threaded"
},
{
"trust": 0.8,
"url": "http://www.gefanuc.com/as_en/gefanuc/resource_center/hmi_scada/hmiscada_security.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0176"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu%23308556/index.html"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0176"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/487076/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/487241/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.gefanuc.com/as_en/products_solutions/hmi_scada/products/proficy_cimplicity.html"
},
{
"trust": 0.3,
"url": "/archive/1/487076"
},
{
"trust": 0.3,
"url": "/archive/1/487241"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/?page=changelog"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/11105/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28663/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/17337/"
},
{
"trust": 0.1,
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-01/0372.html"
},
{
"trust": 0.1,
"url": "http://www.c4-security.com/\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0176"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#308556"
},
{
"db": "BID",
"id": "27447"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001054"
},
{
"db": "PACKETSTORM",
"id": "63057"
},
{
"db": "PACKETSTORM",
"id": "63004"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-410"
},
{
"db": "NVD",
"id": "CVE-2008-0176"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "067d2766-2352-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7ae201-463f-11e9-819f-000c29342cb1"
},
{
"db": "CERT/CC",
"id": "VU#308556"
},
{
"db": "CNVD",
"id": "CNVD-2008-0434"
},
{
"db": "BID",
"id": "27447"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001054"
},
{
"db": "PACKETSTORM",
"id": "63057"
},
{
"db": "PACKETSTORM",
"id": "63004"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-410"
},
{
"db": "NVD",
"id": "CVE-2008-0176"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-01-24T00:00:00",
"db": "IVD",
"id": "067d2766-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2008-01-24T00:00:00",
"db": "IVD",
"id": "7d7ae201-463f-11e9-819f-000c29342cb1"
},
{
"date": "2008-01-25T00:00:00",
"db": "CERT/CC",
"id": "VU#308556"
},
{
"date": "2008-01-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2008-0434"
},
{
"date": "2008-01-24T00:00:00",
"db": "BID",
"id": "27447"
},
{
"date": "2008-02-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001054"
},
{
"date": "2008-01-29T00:00:58",
"db": "PACKETSTORM",
"id": "63057"
},
{
"date": "2008-01-26T00:10:20",
"db": "PACKETSTORM",
"id": "63004"
},
{
"date": "2008-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200801-410"
},
{
"date": "2008-01-29T02:00:00",
"db": "NVD",
"id": "CVE-2008-0176"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-01-25T00:00:00",
"db": "CERT/CC",
"id": "VU#308556"
},
{
"date": "2008-01-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2008-0434"
},
{
"date": "2008-01-29T16:27:00",
"db": "BID",
"id": "27447"
},
{
"date": "2008-02-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001054"
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200801-410"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2008-0176"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200801-410"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE-Fanuc CIMPLICITY w32rtr.exe Remote Heap Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "067d2766-2352-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7ae201-463f-11e9-819f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2008-0434"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "067d2766-2352-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7ae201-463f-11e9-819f-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-410"
}
],
"trust": 1.0
}
}
VAR-200806-0031
Vulnerability from variot - Updated: 2025-04-10 23:16Stack-based buffer overflow in the ODBC server service in Citect CitectSCADA 6 and 7, and CitectFacilities 7, allows remote attackers to execute arbitrary code via a long string in the second application packet in a TCP session on port 20222. Citect Made by company CitectSCADA Contains a buffer overflow vulnerability. Citect CitectSCADA Is SCADA (Supervisory Control And Data Acquisition) Software used for monitoring and control in the system. CitectSCADA Contains a buffer overflow vulnerability because it cannot properly handle crafted requests from clients.Arbitrary code is executed by a remote party or service operation is interrupted (DoS) There is a possibility of being attacked.
Citect SCADA and CitectFacilities include ODBC server functionality to provide remote SQL access to relational databases. The ODBC server component listens to client requests from the network on the port 20222 / tcp by default. The application layer protocol on TCP reads the 4-byte initial message to specify the length of the data in the next message, and then sockets from the same TCP. Word reads the next message of this length, where the first 5 bytes are a fixed header. After the second message in the network is read into the buffer, the data is copied to a fixed-size internal buffer on the stack.
Due to the lack of a correct length check of the data read, memory copy operations using fixed-size target buffers allocated on the stack may overflow, allowing unauthenticated remote attackers to execute arbitrary instructions on the vulnerable system . CitectSCADA is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks will likely cause denial-of-service conditions. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/
TITLE: Citect Products ODBC Server Component Buffer Overflow
SECUNIA ADVISORY ID: SA30638
VERIFY ADVISORY: http://secunia.com/advisories/30638/
CRITICAL: Moderately critical
IMPACT: DoS, System access
WHERE:
From local network
SOFTWARE: CitectFacilities 7.x http://secunia.com/product/19043/ CitectSCADA 6.x http://secunia.com/product/19041/ CitectSCADA 7.x http://secunia.com/product/19042/
DESCRIPTION: Core Security Technologies has reported a vulnerability in CitectSCADA and CitectFacilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
The vulnerability is reported in the following versions: * CitectSCADA v6 * CitectSCADA v7 * CitectFacilities v7
SOLUTION: Contact the vendor for patches.
PROVIDED AND/OR DISCOVERED BY: Sebasti\xe1n Mu\xf1iz, Core Security Technologies
ORIGINAL ADVISORY: CORE-2008-0125: http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=2186
OTHER REFERENCES: US-CERT VU#476345: http://www.kb.cert.org/vuls/id/476345
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
~ Core Security Technologies - CoreLabs Advisory ~ http://www.coresecurity.com/corelabs/
~ CitectSCADA ODBC service vulnerability
Advisory Information
Title: CitectSCADA ODBC service vulnerability Advisory ID: CORE-2008-0125 Advisory URL: http://www.coresecurity.com/?action=item&id=2186 Date published: 2008-06-11 Date of last update: 2008-06-10 Vendors contacted: Citect Release mode: Coordinated release
Vulnerability Information
Class: Buffer overflow
Remotely Exploitable: Yes
Locally Exploitable: Yes
Bugtraq ID: 29634
CVE Name: CVE-2008-2639
Vulnerability Description
Citect is a supplier of industrial automation software with headquarters in Australia and over 20 offices in Oceania, South East Asia, China, Japan, the Americas, Europe, Africa and the Middle East. Citect's products are distributed in over 80 countries through a network of more than 500 partners. According to Citect's website [1] the company, a fully owned subsidiary of Schneider Electric, has more than 150,000 licenses of its software sold to date. Citect's products are used by organizations worldwide in numerous industries including Aerospace & Defense, Oil & Gas, Power/Utilities, Chemical, Pharmaceutical, Manufacturing and others. with an integrated Human Machine Interface (HMI) / SCADA solution to deliver a scalable and reliable control and monitoring system. The system is composed by software installed on standard computer equipment running on commercial-of-the-shelf Microsoft Windows operating systems. To accomplish such goal the would-be attacker must be able to connect to the vulnerable service on a TCP high-port.
Vulnerable Packages
. CitectSCADA v6 . CitectSCADA v7 . CitectFacilities v7
Non-vulnerable Packages
. Contact the vendor for fixed versions of the product.
Vendor Information, Solutions and Workarounds
In general process control networks should be physically isolated from corporate or other publicly accessible data networks as such an isolated network will limit the exposure of systems with network facing vulnerabilities only to accidental disruption or potentially malicious users or systems within the process control network itself.
However, if physical isolation of the process control network is not feasible it is strongly recommended to enforce and monitor strict network access control mechanisms to verify that only the absolute minimal required set of systems from both within and outside the process control network are allowed to connect to any systems within the process control network. In this particular case, access control mechanisms on both end-systems and network boundary devices such as firewalls and IPSes must ensure that only hardened and trusted systems from that minimal set can connect to systems in the process control network running potentially vulnerable software. Nonetheless systems on that minimal set must still be considered potential attack vectors into the process control network and should they become compromised, providers of transitive trust from the process control network to external untrusted systems.
Besides the recommendation of a secure network architecture with strict network access control measures, OS hardening and other sound system administration practices a specific workaround for the vulnerability reported in this advisory is provided below.
The vulnerability is located in the ODBC server service, vulnerable organizations that do not require ODBC connectivity may disable the service with no adverse effects to the CitectSCADA software. Installations that require ODBC connectivity to SQL databases, spreadsheets, etc. will suffer loss of connection with ODBC data sources if this workaround is applied. Vulnerable organizations should obtain positive verification that ODBC connectivity is not necessary in their installation and prepare appropriate contingency procedures before the workaround is applied.
Vendor statement:
CitectSCADA is not designed to be accessible on public networks and recommends that the SCADA and control networks be protected by firewall or similar on live sites.
The system must be network hardened regardless of the corrupt packet software change to ensure a secure system given the likelihood that on the same network are open industry standard protocol devices perhaps communicating via ethernet.
Please follow this link on Citect website under "Industries and Solutions" for security, that provides some information for customers interested in securing their SCADA systems: http://www.citect.com/index.php?option=com_content&task=view&id=186&Itemid=322
Credits
This vulnerability was discovered and researched by Sebastian Mu\xf1iz from the Core IMPACT Exploit Writers Team (EWT) at Core Security Technologies. Exploitation was further investigated by Nicolas Economou also from the Core IMPACT Exploit Writers Team (EWT).
Core would also like to thank Paul Fahey of AusCERT, Gaston Franco and Patricia Prandini of ArCERT and Art Manion and Chris Taschner of CERT/CC for their assistance during the vulnerability reporting process.
This bug is a textbook example of a classic stack-based buffer overflow that can be exploited by overwriting the return address of the currently running thread. The following binary excerpt shows the nature of the problem:
/-----------
~ .text:0051BC33 loc_51BC33: ~ .text:0051BC33 lea ecx, [ebp+pDestBuffer] ~ .text:0051BC39 push ecx ; stack based buffer ~ .text:0051BC3A mov edx, [ebp+arg_0] ~ .text:0051BC3D push edx ; class that contains packet ~ .text:0051BC3E call sub_52125A ; memcpy
- -----------/
Report Timeline
. 2008-01-30: Initial contact mail sent by Core to Citect's support team. 2008-01-30: Additional mail sent to Citect support team asking for a software security contact at Citect. 2008-01-30: Email from Citect's support team acknowledging notification and requesting information in plaintext. 2008-02-06: Core sends the draft advisory, including proof of concept code to demonstrate the vulnerability. 2008-02-28: Core requests a response from the vendor and asks for the vendor's plan to release fixes to vulnerable products. 2008-03-06: Email from the vendor's technical architect confirms reception of the report and indicating that there are not concerns around publication of a security advisory disclosing the vulnerability. The vendor asks for a phone conference to ensure that both Core and Citect have a common understanding of the issue and expresses the possibility of adding additional information to the advisory. The vendor also states that it will formulate a plan for handling this issue. 2008-03-12: Core asks to continue the discussion concerning the vulnerability by mail so as to have all the involved parties informed simultaneously and all communications documented. Core requests confirmation that the vendor has been able to reproduce the vulnerability and requests details concerning the plan to release fixes and asks for the additional information that the vendor would like to include in the advisory (in the "vendor information" section). Core reminds the vendor that the original publication date of the advisory was February 25th and states that the publication of the advisory is now re-scheduled to March 24th because fixed versions were not available at the date initially scheduled. 2008-03-25: Vendor confirms that it reproduced and identified the vulnerability and indicates that the official stance is that CitectSCADA is not designed to be accessible on public networks and recommends that SCADA and control networks are protected by firewalls and other security measures on live sites. The vendor also states that it has no immediate plans to support CitectSCADA on public networks but is investigating the possibility of having a security audit of the product. 2008-03-25: Core notifies the vendor the intention to release the advisory on March 26th given that the vendor has no immediate plans for fixing the vulnerability. 2008-03-26: Core consults under NDA with a process control security expert to obtain a better understanding of the scope and impact of the vulnerability. The specific technical details about the vulnerability are not disclosed, only the general type of bug and the specific TCP port on which the vulnerable service listens are discussed. 2008-04-02: Core revisits its current plan to disclose the vulnerability and decides to get Computer Emergency Response Teams (CERTs) involved in the process. Core notifies the vendor that it will postpone the publication of the advisory, and that it will contact the Computer Emergency Response Teams (CERTs) of countries were Core has physical offices (Argentina and USA) and the country were Citect has its headquarters (Australia). Core will then determine the contents and date of publication for the security advisory based on further communication with the vendor and CERTs and more precise details that the vendor may provide regarding availability of fixes. 2008-04-02: Core notifies the vendor that it will contact the CERTs of Australia, USA and Argentina. Core reminds the vendor that the vulnerability reported is a classic example of a stack-based buffer overflow bug trivial to exploit in present times and that although the previous email from the vendor provided a vague statement indicating that "the scenario is under consideration for the next release", to date there has not been any concrete details about development and release of fixes or a firm commitment to any specific date to release them. 2008-04-08: Core sends an initial notification to AusCERT, CERT/CC and ArCert including a draft advisory describing the bug and the vendor's contact information, requesting an acknowledgement within 2 working days. 2008-04-08: AusCERT acknowledges reception of the advisory
. 2008-04-09: ArCERT acknowledges reception of the advisory
. 2008-04-10: CERT/CC acknowledges reception of the advisory on a phone call
. 2008-04-10: AusCERT notifies Core that so far it has not been able to contact the vendor and asks for approval to disseminate the information to the Australian government and other national and international entities overlooking national infrastructure security. AusCERT also asks if CORE intends to publish the advisory and if so requests some time to be able to notify affected organizations. Meanwhile AusCERT indicates that it will continue to try to work with the vendor. 2008-04-10: Core responds that it has no problems with AusCERT notifying other parties that may be able to better prepare risk mitigation procedures and/or work more closely with the vendor towards development and release of a fix. However, Core asks to keep the dissemination of the information to a minimum in order to avoid a potential leak. Core indicates that it has asked the vendor to provide concrete details about how and when it plans to address the issue and that based on the response to that question it will determine a publication date for the security advisory. Lacking a response from the vendor, Core will determine the publication date based on the feedback received from the CERTs and the progress of their preparations to address the report. 2008-04-10: AusCERT asks if it is ok to contact other CERTs and international government communities to make them aware of the issue and to ensure everyone is prepared when the report is published. 2008-04-10: Core response indicating that it is ok to contact any organization that AusCERT deems relevant for the stated purpose
. 2008-04-10: ArCert reports that it will start gathering information about appropriate organizations in Argentina to report the problem and start contacting them. 2008-04-11: CERT/CC reports that US-CERT has been made aware of the issue and will be kept updated going forward. If AusCERT is already in contact with the vendor CERT/CC will standby and follow AusCERT's lead. 2008-04-14: AusCERT reports that after several communication attempts the vendor said that it will address the issue in the next release of the product (by mid-year) and release a patch in a couple of months. However, the information is not to be considered an official statement and there is no official indication of a plan to provide immediate resolution. 2008-04-14: CERT/CC asks if Core will publish the advisory before mid-year and states concerns about the potential time elapsed between advisory publication and release of the fix. CERT/CC will likely put out information soon after Core does and expresses its interest to receive more information from the vendor regarding their response plan. 2008-04-14: AusCERT notes that Core has given the CERTs the time to notify possibly affected organizations before the report is published and requests any specific questions to be asked to the vendor. 2008-04-14: Core states that it is entirely possible to re-visit the publication date of the report (which has been done twice so far) but to do so Core requires concrete details and a committed date for the release of a fix noting that it wasn't until AusCERT's email from April 14th that the possibility that the vendor would release of a patch seemed realistic. Core is willing to postpone publication of the report provided that the vendor commits to release a fix no later than June 30th (the upper bound to the promised mid-year deadline indicated by the vendor). Core also reminds the CERTs that its intent in notifying them of the bug was to help to coordinate a way to address the bug should an official patch or fix is not made available by the vendor. 2008-04-24: Core sends an email to the 3 CERTs requesting a status update and any further details about the availability of fixes. Core would like to set a final date for the publication of its report. 2008-04-28: AusCERT indicates that after several calls and messages, the vendor has stated that it does not publish specific release schedules for updates and does not indicate what will or will not be their contents and that once a release is finalized all relevant materials are updated to reflect that fact. AusCERT asks about Core's plans regarding the issue. 2008-04-28: CERT/CC suggests that in light of the vendor statement one last effort should be attempted, setting a date for publication one or two weeks into the future and presenting the final drafts of the report to the vendor. 2008-04-28: Core sets the advisory publication date to May 12th and indicates to the three CERTs that the date is considered final unless concrete details about a patch release schedule are communicated no later than May 8th. The vendor has already been sent drafts of the advisory, the last one sent on March 25th, and Core has little confidence that the current status process will change in a positive manner. Core will consider the time up to May 12th as a period to finalize the preparation of guidance documents about how to deal with the issue without an official fix available. Should such a document be provided, Core is willing and open to include its recommendations in the security advisory. 2008-05-06: Core informs the CERTs that it is still editing its security advisory and that once the final draft is ready it will be sent for review to the vendor and the CERTs before it is published. Core informs that it will also issue a press release disclosing the issue and invites spokesmen from any of the CERTs to participate with a quote should they want to do so. 2008-05-08: CERT/CC acknowledges Core's email and thanks for the update indicating that it will not participate in a press release. 2008-05-14: Core sends its final draft of the security advisory to Citect and the 3 CERTs indicating that the publication date is set to May 19th, 2008 at approximately 3pm UTC. Should the vendor or the CERTS have any official comments or statements or workarounds that they would like to be included in Core's advisory they must be provided them by email no later than Friday May 16th 2008 at 9pm (UTC). 2008-05-15: Email from the vendor indicating the Citect has allocated resources to address the issue and is pleased to advise that a patch will be available by the end of May. The vendor assumes that publication of the advisory will be postponed given Core's previous email from April 14th stating that it is willing to review the publication date if the vendor commits to releasing a fix no later than June 30th. 2008-05-16: Email from CERT/CC asking about Core's plan to publish the advisory and stating that CERT/CC is inclined to hold off publication for a couple of weeks provided that Core does the same. JPCERT has been informed of the vulnerability to prepare for the upcoming disclosure. 2008-05-16: Core sends email to Citect and the three CERTs stating that publication of the advisory has been re-scheduled to June 2nd 2008 and reiterating that should the vendor want to include additional information or specific pointers to the patch it should be provided at least a day in advance. 2008-05-28: Core sends a follow up to the email sent on May 16th requesting confirmation that Citect is on track to release fixes for the vulnerability. Core had re-scheduled publication of the security advisory to June 2nd, 2008 (next Monday) and wants to confirm that software fixes will be ready to roll out and to provide the opportunity to include in the advisory any official guidelines on how to obtain them and/or any alternative workarounds to the problem. Specific questions about the potential workaround of disabling the vulnerable service are sent to the vendor as well as a request to provide a list of both vulnerable and not vulnerable packages. This information should be received no later than Friday June 30th, 2008 at 1pm UTC. 2008-06-01: Email received from the vendor stating: "The fix is on track and is currently in code review and testing stage. We will advise when and how the patch will be released". 2008-06-01: Core asks if the vendor has a concrete estimated date for the patch release. It is noted that publication of the security advisory was re-scheduled to June 2nd, 2008 on the basis of the vendor's commitment to release fixes "by the end of May" as indicated in the vendor's email from May 15th 2008. May is already past and Core still has no concrete details about when and how the fixes will be available. Core also notes that the previous email from May 28th 2008 had specific questions that may help craft guidance and recommendations for vulnerable organizations to mitigate risk due to the vendor's software security exposure and asks if the vendor is able to provide answers to those specific inquires. Core also states that it would like to discuss with the CERTs any specific details and information about their plans to address this issue in the upcoming week. In the absence of concrete fix details and workarounds from the vendor Core would like to coordinate with CERTs the dissemination of information to help reduce risk to vulnerable organizations worldwide. 2008-06-01: AusCERT indicates that it's ready for the publication and that it will publish its own report after Core has done so. 2008-06-04: Email from CERT/CC asking for a status update from Core and noting that neither the vendor patches nor Core's advisory have been published by June 2nd as planned. CERT/CC is ready to publish information about the issue and is willing to do so on Core's timetable. 2008-06-04: Citect informs that the patch for the reported issue has been completed at the code level and is being QA tested. The timing of software releases is a company commercial decision, and no guarantee of delivery dates is given. However, the vendor anticipates the patch will be published on its website in the next day or so, assuming QA approval is given. The vendor informs that the suggested workaround of disabling the ODBC server is viable for users that do not need this functionality (most users of CitectSCADA) and would not affect the operation of the software in any other way. The vendor states that "Although this patch will be made available to our supported customers, Citect maintains the stated stance that under NO circumstances should any SCADA/PLC/DCS/RTU/Process Control network should ever be exposed unprotected to the internet. The network should either be securely firewalled or better still isolated, or otherwise protected using approved IT security methodology. Citect has previously published security recommendations in a whitepaper located on our website at http://www.citect.com/documents/whitepapers/SCADA%20Security%20Whitepaper.pdf "SECURING AN INTEGRATED SCADA SYSTEM - Network Security & SCADA Systems Whitepaper". The vendor also indicates that "copies of the security alert report appear to have been circulated before the advised date of publication, contrary to the undertaking given to Citect."
. 2008-06-04: Core's email to Citect, AusCERT, CERT/CC and ArCert informing them that publication of the security advisory has now been re-scheduled to June 11th 2008. The date is final. The advisory will include references to the vendor's security recommendations and white paper as well as the proposed workaround. Core also indicates that to date the company has not published any report about the issue and has no indication of any such reports circulating "in the wild" but cannot discard that as a possibility given that the vendor's lack of proper secure communications procedures forced all the involved parties to communicate without any form of email encryption and that those communications have occurred over a public network such as the Internet for a period of over 4 months. 2008-06-04: Email from CERT/CC indicating that it will too publish a report on June 11th also noting the importance of sound system administration practices such as disabling unneeded features and a secure network architecture. CERT/CC agrees on the need of isolated or otherwise secured process control networks but indicates that in practice that is not always the case. Further information about any potential information leak is requested. 2008-06-10: Final draft of the advisory sent to Citect and CERTs, asking for confirmation that patches are now available. 2008-06-10: Citect confirms that patches are available to customers upon request and reiterates that the vendor's official stance is that the control network must be secured, and customers requesting the patch will be offered advice and links on how to do this. 2008-06-10: CERT/CC asks for any official guidance or wording that could be used in documents to direct readers appropriately. For example, an URL to a support/contact web site, or a case number. 2008-06-11: Security advisory CORE-2008-0125 published.
References
[1] Citect Corporate Profile http://www.citect.com/index.php?option=com_content&task=view&id=94&Itemid=151
About CoreLabs
CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://www.coresecurity.com/corelabs/.
About Core Security Technologies
Core Security Technologies develops strategic solutions that help security-conscious organizations worldwide develop and maintain a proactive process for securing their networks. The company's flagship product, CORE IMPACT, is the most comprehensive product for performing enterprise security assurance testing. CORE IMPACT evaluates network, endpoint and end-user vulnerabilities and identifies what resources are exposed. It enables organizations to determine if current security investments are detecting and preventing attacks. Core augments its leading technology solution with world-class security consulting services, including penetration testing and software security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at http://www.coresecurity.com.
Disclaimer
The contents of this advisory are copyright (c) 2008 Core Security Technologies and (c) 2008 CoreLabs, and may be distributed freely provided that no fee is charged for this distribution and proper credit is given.
GPG/PGP Keys
This advisory has been signed with the GPG key of Core Security Technologies advisories team, which is available for download at http://www.coresecurity.com/files/attachments/core_security_advisories.asc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkhP2lEACgkQyNibggitWa29yQCdHfYtgLzOvys9Msi95eqF8H/X ADEAoKB9r52U9KXlEvBn5GgCaqXqC8OG =5qtX -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200806-0031",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "citectscada",
"scope": "eq",
"trust": 1.9,
"vendor": "citect",
"version": "7"
},
{
"model": "citectscada",
"scope": "eq",
"trust": 1.9,
"vendor": "citect",
"version": "6"
},
{
"model": "citectfacilities",
"scope": "eq",
"trust": 1.9,
"vendor": "citect",
"version": "7"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "citect",
"version": null
},
{
"model": "citectfacilities",
"scope": "eq",
"trust": 0.8,
"vendor": "citect",
"version": "v7"
},
{
"model": "citectscada",
"scope": "eq",
"trust": 0.8,
"vendor": "citect",
"version": "v6"
},
{
"model": "citectscada",
"scope": "eq",
"trust": 0.8,
"vendor": "citect",
"version": "v7"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "citectfacilities",
"version": "7"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "citectscada",
"version": "6"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "citectscada",
"version": "7"
}
],
"sources": [
{
"db": "IVD",
"id": "7d760002-463f-11e9-b563-000c29342cb1"
},
{
"db": "IVD",
"id": "b0301a90-23cd-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#476345"
},
{
"db": "CNVD",
"id": "CNVD-2008-2883"
},
{
"db": "BID",
"id": "29634"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001454"
},
{
"db": "CNNVD",
"id": "CNNVD-200806-217"
},
{
"db": "NVD",
"id": "CVE-2008-2639"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:citect:citectfacilities",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:citect:citectscada",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001454"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sebastian Mu\u0026ntilde;iz",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200806-217"
}
],
"trust": 0.6
},
"cve": "CVE-2008-2639",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CVE-2008-2639",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "7d760002-463f-11e9-b563-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "b0301a90-23cd-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-2639",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#476345",
"trust": 0.8,
"value": "7.35"
},
{
"author": "NVD",
"id": "CVE-2008-2639",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200806-217",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d760002-463f-11e9-b563-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "b0301a90-23cd-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d760002-463f-11e9-b563-000c29342cb1"
},
{
"db": "IVD",
"id": "b0301a90-23cd-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#476345"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001454"
},
{
"db": "CNNVD",
"id": "CNNVD-200806-217"
},
{
"db": "NVD",
"id": "CVE-2008-2639"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the ODBC server service in Citect CitectSCADA 6 and 7, and CitectFacilities 7, allows remote attackers to execute arbitrary code via a long string in the second application packet in a TCP session on port 20222. Citect Made by company CitectSCADA Contains a buffer overflow vulnerability. Citect CitectSCADA Is SCADA (Supervisory Control And Data Acquisition) Software used for monitoring and control in the system. CitectSCADA Contains a buffer overflow vulnerability because it cannot properly handle crafted requests from clients.Arbitrary code is executed by a remote party or service operation is interrupted (DoS) There is a possibility of being attacked. \n\n\u00a0Citect SCADA and CitectFacilities include ODBC server functionality to provide remote SQL access to relational databases. The ODBC server component listens to client requests from the network on the port 20222 / tcp by default. The application layer protocol on TCP reads the 4-byte initial message to specify the length of the data in the next message, and then sockets from the same TCP. Word reads the next message of this length, where the first 5 bytes are a fixed header. After the second message in the network is read into the buffer, the data is copied to a fixed-size internal buffer on the stack. \n\n\u00a0Due to the lack of a correct length check of the data read, memory copy operations using fixed-size target buffers allocated on the stack may overflow, allowing unauthenticated remote attackers to execute arbitrary instructions on the vulnerable system . CitectSCADA is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. \nAttackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks will likely cause denial-of-service conditions. ----------------------------------------------------------------------\n\nWant a new job?\n\nhttp://secunia.com/secunia_security_specialist/\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\nInternational Partner Manager - Project Sales in the IT-Security\nIndustry:\nhttp://corporate.secunia.com/about_secunia/64/\n\n----------------------------------------------------------------------\n\nTITLE:\nCitect Products ODBC Server Component Buffer Overflow\n\nSECUNIA ADVISORY ID:\nSA30638\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/30638/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS, System access\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nCitectFacilities 7.x\nhttp://secunia.com/product/19043/\nCitectSCADA 6.x\nhttp://secunia.com/product/19041/\nCitectSCADA 7.x\nhttp://secunia.com/product/19042/\n\nDESCRIPTION:\nCore Security Technologies has reported a vulnerability in\nCitectSCADA and CitectFacilities, which can be exploited by malicious\npeople to cause a DoS (Denial of Service) or compromise a vulnerable\nsystem. \n\nThe vulnerability is reported in the following versions:\n* CitectSCADA v6\n* CitectSCADA v7\n* CitectFacilities v7\n\nSOLUTION:\nContact the vendor for patches. \n\nPROVIDED AND/OR DISCOVERED BY:\nSebasti\\xe1n Mu\\xf1iz, Core Security Technologies\n\nORIGINAL ADVISORY:\nCORE-2008-0125:\nhttp://www.coresecurity.com/index.php5?module=ContentMod\u0026action=item\u0026id=2186\n\nOTHER REFERENCES:\nUS-CERT VU#476345:\nhttp://www.kb.cert.org/vuls/id/476345\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n~ Core Security Technologies - CoreLabs Advisory\n~ http://www.coresecurity.com/corelabs/\n\n~ CitectSCADA ODBC service vulnerability\n\n\n*Advisory Information*\n\nTitle: CitectSCADA ODBC service vulnerability\nAdvisory ID: CORE-2008-0125\nAdvisory URL: http://www.coresecurity.com/?action=item\u0026id=2186\nDate published: 2008-06-11\nDate of last update: 2008-06-10\nVendors contacted: Citect\nRelease mode: Coordinated release\n\n\n*Vulnerability Information*\n\nClass: Buffer overflow\nRemotely Exploitable: Yes\nLocally Exploitable: Yes\nBugtraq ID: 29634\t\nCVE Name: CVE-2008-2639\t\n\n\n*Vulnerability Description*\n\nCitect is a supplier of industrial automation software with headquarters\nin Australia and over 20 offices in Oceania, South East Asia, China,\nJapan, the Americas, Europe, Africa and the Middle East. Citect\u0027s\nproducts are distributed in over 80 countries through a network of more\nthan 500 partners. According to Citect\u0027s website [1] the company, a\nfully owned subsidiary of Schneider Electric, has more than 150,000\nlicenses of its software sold to date. Citect\u0027s products are used by\norganizations worldwide in numerous industries including Aerospace \u0026\nDefense, Oil \u0026 Gas, Power/Utilities, Chemical, Pharmaceutical,\nManufacturing and others. with an integrated Human Machine Interface\n(HMI) / SCADA solution to deliver a scalable and reliable control and\nmonitoring system. The system is composed by software installed on\nstandard computer equipment running on commercial-of-the-shelf Microsoft\nWindows operating systems. To\naccomplish such goal the would-be attacker must be able to connect to\nthe vulnerable service on a TCP high-port. \n\n\n*Vulnerable Packages*\n\n. CitectSCADA v6\n. CitectSCADA v7\n. CitectFacilities v7\n\n\n*Non-vulnerable Packages*\n\n. Contact the vendor for fixed versions of the product. \n\n\n*Vendor Information, Solutions and Workarounds*\n\nIn general process control networks should be physically isolated from\ncorporate or other publicly accessible data networks as such an isolated\nnetwork will limit the exposure of systems with network facing\nvulnerabilities only to accidental disruption or potentially malicious\nusers or systems within the process control network itself. \n\nHowever, if physical isolation of the process control network is not\nfeasible it is strongly recommended to enforce and monitor strict\nnetwork access control mechanisms to verify that only the absolute\nminimal required set of systems from both within and outside the process\ncontrol network are allowed to connect to any systems within the process\ncontrol network. In this particular case, access control mechanisms on\nboth end-systems and network boundary devices such as firewalls and\nIPSes must ensure that only hardened and trusted systems from that\nminimal set can connect to systems in the process control network\nrunning potentially vulnerable software. Nonetheless systems on that\nminimal set must still be considered potential attack vectors into the\nprocess control network and should they become compromised, providers of\ntransitive trust from the process control network to external untrusted\nsystems. \n\nBesides the recommendation of a secure network architecture with strict\nnetwork access control measures, OS hardening and other sound system\nadministration practices a specific workaround for the vulnerability\nreported in this advisory is provided below. \n\nThe vulnerability is located in the ODBC server service, vulnerable\norganizations that do not require ODBC connectivity may disable the\nservice with no adverse effects to the CitectSCADA software. \nInstallations that require ODBC connectivity to SQL databases,\nspreadsheets, etc. will suffer loss of connection with ODBC data sources\nif this workaround is applied. Vulnerable organizations should obtain\npositive verification that ODBC connectivity is not necessary in their\ninstallation and prepare appropriate contingency procedures before the\nworkaround is applied. \n\nVendor statement:\n\nCitectSCADA is not designed to be accessible on public networks and\nrecommends that the SCADA and control networks be protected by firewall\nor similar on live sites. \n\nThe system must be network hardened regardless of the corrupt packet\nsoftware change to ensure a secure system given the likelihood that on\nthe same network are open industry standard protocol devices perhaps\ncommunicating via ethernet. \n\nPlease follow this link on Citect website under \"Industries and\nSolutions\" for security, that provides some information for customers\ninterested in securing their SCADA systems:\nhttp://www.citect.com/index.php?option=com_content\u0026task=view\u0026id=186\u0026Itemid=322\n\n\n*Credits*\n\nThis vulnerability was discovered and researched by Sebastian Mu\\xf1iz from\nthe Core IMPACT Exploit Writers Team (EWT) at Core Security\nTechnologies. Exploitation was further investigated by Nicolas Economou\nalso from the Core IMPACT Exploit Writers Team (EWT). \n\nCore would also like to thank Paul Fahey of AusCERT, Gaston Franco and\nPatricia Prandini of ArCERT and Art Manion and Chris Taschner of CERT/CC\nfor their assistance during the vulnerability reporting process. \n\nThis bug is a textbook example of a classic stack-based buffer overflow\nthat can be exploited by overwriting the return address of the currently\nrunning thread. The following binary excerpt shows the nature of the\nproblem:\n\n/-----------\n\n~ .text:0051BC33 loc_51BC33:\n~ .text:0051BC33 lea ecx, [ebp+pDestBuffer]\n~ .text:0051BC39 push ecx ; stack based buffer\n~ .text:0051BC3A mov edx, [ebp+arg_0]\n~ .text:0051BC3D push edx ; class that contains packet\n~ .text:0051BC3E call sub_52125A ; memcpy\n\n- -----------/\n\n\n\n*Report Timeline*\n\n. 2008-01-30:\nInitial contact mail sent by Core to Citect\u0027s support team. 2008-01-30:\nAdditional mail sent to Citect support team asking for a software\nsecurity contact at Citect. 2008-01-30:\nEmail from Citect\u0027s support team acknowledging notification and\nrequesting information in plaintext. 2008-02-06:\nCore sends the draft advisory, including proof of concept code to\ndemonstrate the vulnerability. 2008-02-28:\nCore requests a response from the vendor and asks for the vendor\u0027s plan\nto release fixes to vulnerable products. 2008-03-06:\nEmail from the vendor\u0027s technical architect confirms reception of the\nreport and indicating that there are not concerns around publication of\na security advisory disclosing the vulnerability. The vendor asks for a\nphone conference to ensure that both Core and Citect have a common\nunderstanding of the issue and expresses the possibility of adding\nadditional information to the advisory. The vendor also states that it\nwill formulate a plan for handling this issue. 2008-03-12:\nCore asks to continue the discussion concerning the vulnerability by\nmail so as to have all the involved parties informed simultaneously and\nall communications documented. Core requests confirmation that the\nvendor has been able to reproduce the vulnerability and requests details\nconcerning the plan to release fixes and asks for the additional\ninformation that the vendor would like to include in the advisory (in\nthe \"vendor information\" section). Core reminds the vendor that the\noriginal publication date of the advisory was February 25th and states\nthat the publication of the advisory is now re-scheduled to March 24th\nbecause fixed versions were not available at the date initially scheduled. 2008-03-25:\nVendor confirms that it reproduced and identified the vulnerability and\nindicates that the official stance is that CitectSCADA is not designed\nto be accessible on public networks and recommends that SCADA and\ncontrol networks are protected by firewalls and other security measures\non live sites. The vendor also states that it has no immediate plans to\nsupport CitectSCADA on public networks but is investigating the\npossibility of having a security audit of the product. 2008-03-25:\nCore notifies the vendor the intention to release the advisory on March\n26th given that the vendor has no immediate plans for fixing the\nvulnerability. 2008-03-26:\nCore consults under NDA with a process control security expert to obtain\na better understanding of the scope and impact of the vulnerability. The\nspecific technical details about the vulnerability are not disclosed,\nonly the general type of bug and the specific TCP port on which the\nvulnerable service listens are discussed. 2008-04-02:\nCore revisits its current plan to disclose the vulnerability and decides\nto get Computer Emergency Response Teams (CERTs) involved in the\nprocess. Core notifies the vendor that it will postpone the publication\nof the advisory, and that it will contact the Computer Emergency\nResponse Teams (CERTs) of countries were Core has physical offices\n(Argentina and USA) and the country were Citect has its headquarters\n(Australia). Core will then determine the contents and date of\npublication for the security advisory based on further communication\nwith the vendor and CERTs and more precise details that the vendor may\nprovide regarding availability of fixes. 2008-04-02:\nCore notifies the vendor that it will contact the CERTs of Australia,\nUSA and Argentina. Core reminds the vendor that the vulnerability\nreported is a classic example of a stack-based buffer overflow bug\ntrivial to exploit in present times and that although the previous email\nfrom the vendor provided a vague statement indicating that \"the scenario\nis under consideration for the next release\", to date there has not been\nany concrete details about development and release of fixes or a firm\ncommitment to any specific date to release them. 2008-04-08:\nCore sends an initial notification to AusCERT, CERT/CC and ArCert\nincluding a draft advisory describing the bug and the vendor\u0027s contact\ninformation, requesting an acknowledgement within 2 working days. 2008-04-08:\nAusCERT acknowledges reception of the advisory\n\n. 2008-04-09:\nArCERT acknowledges reception of the advisory\n\n. 2008-04-10:\nCERT/CC acknowledges reception of the advisory on a phone call\n\n. 2008-04-10:\nAusCERT notifies Core that so far it has not been able to contact the\nvendor and asks for approval to disseminate the information to the\nAustralian government and other national and international entities\noverlooking national infrastructure security. AusCERT also asks if CORE\nintends to publish the advisory and if so requests some time to be able\nto notify affected organizations. Meanwhile AusCERT indicates that it\nwill continue to try to work with the vendor. 2008-04-10:\nCore responds that it has no problems with AusCERT notifying other\nparties that may be able to better prepare risk mitigation procedures\nand/or work more closely with the vendor towards development and release\nof a fix. However, Core asks to keep the dissemination of the\ninformation to a minimum in order to avoid a potential leak. Core\nindicates that it has asked the vendor to provide concrete details about\nhow and when it plans to address the issue and that based on the\nresponse to that question it will determine a publication date for the\nsecurity advisory. Lacking a response from the vendor, Core will\ndetermine the publication date based on the feedback received from the\nCERTs and the progress of their preparations to address the report. 2008-04-10:\nAusCERT asks if it is ok to contact other CERTs and international\ngovernment communities to make them aware of the issue and to ensure\neveryone is prepared when the report is published. 2008-04-10:\nCore response indicating that it is ok to contact any organization that\nAusCERT deems relevant for the stated purpose\n\n. 2008-04-10:\nArCert reports that it will start gathering information about\nappropriate organizations in Argentina to report the problem and start\ncontacting them. 2008-04-11:\nCERT/CC reports that US-CERT has been made aware of the issue and will\nbe kept updated going forward. If AusCERT is already in contact with the\nvendor CERT/CC will standby and follow AusCERT\u0027s lead. 2008-04-14:\nAusCERT reports that after several communication attempts the vendor\nsaid that it will address the issue in the next release of the product\n(by mid-year) and release a patch in a couple of months. However, the\ninformation is not to be considered an official statement and there is\nno official indication of a plan to provide immediate resolution. 2008-04-14:\nCERT/CC asks if Core will publish the advisory before mid-year and\nstates concerns about the potential time elapsed between advisory\npublication and release of the fix. CERT/CC will likely put out\ninformation soon after Core does and expresses its interest to receive\nmore information from the vendor regarding their response plan. 2008-04-14:\nAusCERT notes that Core has given the CERTs the time to notify possibly\naffected organizations before the report is published and requests any\nspecific questions to be asked to the vendor. 2008-04-14:\nCore states that it is entirely possible to re-visit the publication\ndate of the report (which has been done twice so far) but to do so Core\nrequires concrete details and a committed date for the release of a fix\nnoting that it wasn\u0027t until AusCERT\u0027s email from April 14th that the\npossibility that the vendor would release of a patch seemed realistic. \nCore is willing to postpone publication of the report provided that the\nvendor commits to release a fix no later than June 30th (the upper bound\nto the promised mid-year deadline indicated by the vendor). Core also\nreminds the CERTs that its intent in notifying them of the bug was to\nhelp to coordinate a way to address the bug should an official patch or\nfix is not made available by the vendor. 2008-04-24:\nCore sends an email to the 3 CERTs requesting a status update and any\nfurther details about the availability of fixes. Core would like to set\na final date for the publication of its report. 2008-04-28:\nAusCERT indicates that after several calls and messages, the vendor has\nstated that it does not publish specific release schedules for updates\nand does not indicate what will or will not be their contents and that\nonce a release is finalized all relevant materials are updated to\nreflect that fact. AusCERT asks about Core\u0027s plans regarding the issue. 2008-04-28:\nCERT/CC suggests that in light of the vendor statement one last effort\nshould be attempted, setting a date for publication one or two weeks\ninto the future and presenting the final drafts of the report to the vendor. 2008-04-28:\nCore sets the advisory publication date to May 12th and indicates to the\nthree CERTs that the date is considered final unless concrete details\nabout a patch release schedule are communicated no later than May 8th. \nThe vendor has already been sent drafts of the advisory, the last one\nsent on March 25th, and Core has little confidence that the current\nstatus process will change in a positive manner. Core will consider the\ntime up to May 12th as a period to finalize the preparation of guidance\ndocuments about how to deal with the issue without an official fix\navailable. Should such a document be provided, Core is willing and open\nto include its recommendations in the security advisory. 2008-05-06:\nCore informs the CERTs that it is still editing its security advisory\nand that once the final draft is ready it will be sent for review to the\nvendor and the CERTs before it is published. Core informs that it will\nalso issue a press release disclosing the issue and invites spokesmen\nfrom any of the CERTs to participate with a quote should they want to do so. 2008-05-08:\nCERT/CC acknowledges Core\u0027s email and thanks for the update indicating\nthat it will not participate in a press release. 2008-05-14:\nCore sends its final draft of the security advisory to Citect and the 3\nCERTs indicating that the publication date is set to May 19th, 2008 at\napproximately 3pm UTC. Should the vendor or the CERTS have any official\ncomments or statements or workarounds that they would like to be\nincluded in Core\u0027s advisory they must be provided them by email no later\nthan Friday May 16th 2008 at 9pm (UTC). 2008-05-15:\nEmail from the vendor indicating the Citect has allocated resources to\naddress the issue and is pleased to advise that a patch will be\navailable by the end of May. The vendor assumes that publication of the\nadvisory will be postponed given Core\u0027s previous email from April 14th\nstating that it is willing to review the publication date if the vendor\ncommits to releasing a fix no later than June 30th. 2008-05-16:\nEmail from CERT/CC asking about Core\u0027s plan to publish the advisory and\nstating that CERT/CC is inclined to hold off publication for a couple of\nweeks provided that Core does the same. JPCERT has been informed of the\nvulnerability to prepare for the upcoming disclosure. 2008-05-16:\nCore sends email to Citect and the three CERTs stating that publication\nof the advisory has been re-scheduled to June 2nd 2008 and reiterating\nthat should the vendor want to include additional information or\nspecific pointers to the patch it should be provided at least a day in\nadvance. 2008-05-28:\nCore sends a follow up to the email sent on May 16th requesting\nconfirmation that Citect is on track to release fixes for the\nvulnerability. Core had re-scheduled publication of the security\nadvisory to June 2nd, 2008 (next Monday) and wants to confirm that\nsoftware fixes will be ready to roll out and to provide the opportunity\nto include in the advisory any official guidelines on how to obtain them\nand/or any alternative workarounds to the problem. Specific questions\nabout the potential workaround of disabling the vulnerable service are\nsent to the vendor as well as a request to provide a list of both\nvulnerable and not vulnerable packages. This information should be\nreceived no later than Friday June 30th, 2008 at 1pm UTC. 2008-06-01:\nEmail received from the vendor stating: \"The fix is on track and is\ncurrently in code review and testing stage. We will advise when and how\nthe patch will be released\". 2008-06-01:\nCore asks if the vendor has a concrete estimated date for the patch\nrelease. It is noted that publication of the security advisory was\nre-scheduled to June 2nd, 2008 on the basis of the vendor\u0027s commitment\nto release fixes \"by the end of May\" as indicated in the vendor\u0027s email\nfrom May 15th 2008. May is already past and Core still has no concrete\ndetails about when and how the fixes will be available. Core also notes\nthat the previous email from May 28th 2008 had specific questions that\nmay help craft guidance and recommendations for vulnerable organizations\nto mitigate risk due to the vendor\u0027s software security exposure and asks\nif the vendor is able to provide answers to those specific inquires. \nCore also states that it would like to discuss with the CERTs any\nspecific details and information about their plans to address this issue\nin the upcoming week. In the absence of concrete fix details and\nworkarounds from the vendor Core would like to coordinate with CERTs the\ndissemination of information to help reduce risk to vulnerable\norganizations worldwide. 2008-06-01:\nAusCERT indicates that it\u0027s ready for the publication and that it will\npublish its own report after Core has done so. 2008-06-04:\nEmail from CERT/CC asking for a status update from Core and noting that\nneither the vendor patches nor Core\u0027s advisory have been published by\nJune 2nd as planned. CERT/CC is ready to publish information about the\nissue and is willing to do so on Core\u0027s timetable. 2008-06-04:\nCitect informs that the patch for the reported issue has been completed\nat the code level and is being QA tested. The timing of software\nreleases is a company commercial decision, and no guarantee of delivery\ndates is given. However, the vendor anticipates the patch will be\npublished on its website in the next day or so, assuming QA approval is\ngiven. The vendor informs that the suggested workaround of disabling\nthe ODBC server is viable for users that do not need this functionality\n(most users of CitectSCADA) and would not affect the operation of the\nsoftware in any other way. \nThe vendor states that \"Although this patch will be made available to\nour supported customers, Citect maintains the stated stance that under\nNO circumstances should any SCADA/PLC/DCS/RTU/Process Control network\nshould ever be exposed unprotected to the internet. The network should\neither be securely firewalled or better still isolated, or otherwise\nprotected using approved IT security methodology. Citect has previously\npublished security recommendations in a whitepaper located on our\nwebsite at\nhttp://www.citect.com/documents/whitepapers/SCADA%20Security%20Whitepaper.pdf\n\"SECURING AN INTEGRATED SCADA SYSTEM - Network Security \u0026 SCADA Systems\nWhitepaper\". The vendor also indicates that \"copies of the security\nalert report appear to have been circulated before the advised date of\npublication, contrary to the undertaking given to Citect.\"\n\n. 2008-06-04:\nCore\u0027s email to Citect, AusCERT, CERT/CC and ArCert informing them that\npublication of the security advisory has now been re-scheduled to June\n11th 2008. The date is final. The advisory will include references to\nthe vendor\u0027s security recommendations and white paper as well as the\nproposed workaround. Core also indicates that to date the company has\nnot published any report about the issue and has no indication of any\nsuch reports circulating \"in the wild\" but cannot discard that as a\npossibility given that the vendor\u0027s lack of proper secure communications\nprocedures forced all the involved parties to communicate without any\nform of email encryption and that those communications have occurred\nover a public network such as the Internet for a period of over 4 months. 2008-06-04:\nEmail from CERT/CC indicating that it will too publish a report on June\n11th also noting the importance of sound system administration practices\nsuch as disabling unneeded features and a secure network architecture. \nCERT/CC agrees on the need of isolated or otherwise secured process\ncontrol networks but indicates that in practice that is not always the\ncase. Further information about any potential information leak is requested. 2008-06-10:\nFinal draft of the advisory sent to Citect and CERTs, asking for\nconfirmation that patches are now available. 2008-06-10:\nCitect confirms that patches are available to customers upon request and\nreiterates that the vendor\u0027s official stance is that the control network\nmust be secured, and customers requesting the patch will be offered\nadvice and links on how to do this. 2008-06-10:\nCERT/CC asks for any official guidance or wording that could be used in\ndocuments to direct readers appropriately. For example, an URL to a\nsupport/contact web site, or a case number. 2008-06-11:\nSecurity advisory CORE-2008-0125 published. \n\n\n\n*References*\n\n[1] Citect Corporate Profile\nhttp://www.citect.com/index.php?option=com_content\u0026task=view\u0026id=94\u0026Itemid=151\n\n\n*About CoreLabs*\n\nCoreLabs, the research center of Core Security Technologies, is charged\nwith anticipating the future needs and requirements for information\nsecurity technologies. We conduct our research in several important\nareas of computer security including system vulnerabilities, cyber\nattack planning and simulation, source code auditing, and cryptography. \nOur results include problem formalization, identification of\nvulnerabilities, novel solutions and prototypes for new technologies. \nCoreLabs regularly publishes security advisories, technical papers,\nproject information and shared software tools for public use at:\nhttp://www.coresecurity.com/corelabs/. \n\n\n*About Core Security Technologies*\n\nCore Security Technologies develops strategic solutions that help\nsecurity-conscious organizations worldwide develop and maintain a\nproactive process for securing their networks. The company\u0027s flagship\nproduct, CORE IMPACT, is the most comprehensive product for performing\nenterprise security assurance testing. CORE IMPACT evaluates network,\nendpoint and end-user vulnerabilities and identifies what resources are\nexposed. It enables organizations to determine if current security\ninvestments are detecting and preventing attacks. Core augments its\nleading technology solution with world-class security consulting\nservices, including penetration testing and software security auditing. \nBased in Boston, MA and Buenos Aires, Argentina, Core Security\nTechnologies can be reached at 617-399-6980 or on the Web at\nhttp://www.coresecurity.com. \n\n\n*Disclaimer*\n\nThe contents of this advisory are copyright (c) 2008 Core Security\nTechnologies and (c) 2008 CoreLabs, and may be distributed freely\nprovided that no fee is charged for this distribution and proper credit\nis given. \n\n\n*GPG/PGP Keys*\n\nThis advisory has been signed with the GPG key of Core Security\nTechnologies advisories team, which is available for download at\nhttp://www.coresecurity.com/files/attachments/core_security_advisories.asc. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.8 (MingW32)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\n\niEYEARECAAYFAkhP2lEACgkQyNibggitWa29yQCdHfYtgLzOvys9Msi95eqF8H/X\nADEAoKB9r52U9KXlEvBn5GgCaqXqC8OG\n=5qtX\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-2639"
},
{
"db": "CERT/CC",
"id": "VU#476345"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001454"
},
{
"db": "CNVD",
"id": "CNVD-2008-2883"
},
{
"db": "BID",
"id": "29634"
},
{
"db": "IVD",
"id": "7d760002-463f-11e9-b563-000c29342cb1"
},
{
"db": "IVD",
"id": "b0301a90-23cd-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "67260"
},
{
"db": "PACKETSTORM",
"id": "67189"
}
],
"trust": 3.69
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-2639",
"trust": 3.8
},
{
"db": "CERT/CC",
"id": "VU#476345",
"trust": 3.6
},
{
"db": "BID",
"id": "29634",
"trust": 3.5
},
{
"db": "SECUNIA",
"id": "30638",
"trust": 3.4
},
{
"db": "EXPLOIT-DB",
"id": "6387",
"trust": 2.4
},
{
"db": "SECTRACK",
"id": "1020241",
"trust": 2.4
},
{
"db": "VUPEN",
"id": "ADV-2008-1834",
"trust": 1.6
},
{
"db": "SREASON",
"id": "3944",
"trust": 1.6
},
{
"db": "XF",
"id": "42992",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2008-2883",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-200806-217",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001454",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20080611 CORE-2008-0125: CITECTSCADA ODBC SERVICE VULNERABILITY",
"trust": 0.6
},
{
"db": "MILW0RM",
"id": "6387",
"trust": 0.6
},
{
"db": "IVD",
"id": "7D760002-463F-11E9-B563-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "B0301A90-23CD-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "67260",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "67189",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d760002-463f-11e9-b563-000c29342cb1"
},
{
"db": "IVD",
"id": "b0301a90-23cd-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#476345"
},
{
"db": "CNVD",
"id": "CNVD-2008-2883"
},
{
"db": "BID",
"id": "29634"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001454"
},
{
"db": "PACKETSTORM",
"id": "67260"
},
{
"db": "PACKETSTORM",
"id": "67189"
},
{
"db": "CNNVD",
"id": "CNNVD-200806-217"
},
{
"db": "NVD",
"id": "CVE-2008-2639"
}
]
},
"id": "VAR-200806-0031",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d760002-463f-11e9-b563-000c29342cb1"
},
{
"db": "IVD",
"id": "b0301a90-23cd-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2008-2883"
}
],
"trust": 1.613095215
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d760002-463f-11e9-b563-000c29342cb1"
},
{
"db": "IVD",
"id": "b0301a90-23cd-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2008-2883"
}
]
},
"last_update_date": "2025-04-10T23:16:35.357000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Securing Your SCADA Network",
"trust": 0.8,
"url": "http://www.citect.com/index.php?option=com_content\u0026task=view\u0026id=186\u0026Itemid=322"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001454"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001454"
},
{
"db": "NVD",
"id": "CVE-2008-2639"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/476345"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/30638"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/29634"
},
{
"trust": 2.4,
"url": "http://securitytracker.com/id?1020241"
},
{
"trust": 2.0,
"url": "http://www.coresecurity.com/?action=item\u0026id=2186"
},
{
"trust": 1.6,
"url": "http://www.citect.com/index.php?option=com_content\u0026task=view\u0026id=1374\u0026itemid=223"
},
{
"trust": 1.6,
"url": "http://www.kb.cert.org/vuls/id/ctar-7enqnh"
},
{
"trust": 1.6,
"url": "http://securityreason.com/securityalert/3944"
},
{
"trust": 1.6,
"url": "http://isc.sans.org/diary.html?storyid=4556"
},
{
"trust": 1.4,
"url": "http://www.milw0rm.com/exploits/6387"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/42992"
},
{
"trust": 1.2,
"url": "http://www.citect.com/index.php?option=com_content\u0026task=view\u0026id=186\u0026itemid=322"
},
{
"trust": 1.0,
"url": "https://www.exploit-db.com/exploits/6387"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2008/1834/references"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/493272/100/0/threaded"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42992"
},
{
"trust": 0.9,
"url": "http://www.coresecurity.com/index.php5?module=contentmod\u0026action=item\u0026id=2186"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/30638/"
},
{
"trust": 0.8,
"url": "http://www.citect.com/index.php?option=com_content\u0026task=view\u0026id=26\u0026itemid=29"
},
{
"trust": 0.8,
"url": "http://www.citect.com/documents/news_and_media/pr-citect-address-security.pdf"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/29634/discuss"
},
{
"trust": 0.8,
"url": "http://news.infracritical.com/pipermail/scadasec/2008-september/001503.html"
},
{
"trust": 0.8,
"url": "http://www.digitalmunition.com/5ws_of_citect_odbc.txt"
},
{
"trust": 0.8,
"url": "http://www.digitalmunition.com/citect_scada_odbc.rb"
},
{
"trust": 0.8,
"url": "http://www.milw0rm.com/papers/221"
},
{
"trust": 0.8,
"url": "http://www.citect.com/documents/news_and_media/citectscada-security-response.pdf"
},
{
"trust": 0.8,
"url": "http://www.csoonline.com/article/print/448626"
},
{
"trust": 0.8,
"url": "http://www.pcworld.com/businesscenter/article/150888/computer_threat_for_industrial_systems_now_more_serious.html"
},
{
"trust": 0.8,
"url": "http://www.theregister.co.uk/2008/09/19/scada_advisory_pulled/"
},
{
"trust": 0.8,
"url": "http://knowledgebase.citect.com/safetyandsecurity/"
},
{
"trust": 0.8,
"url": "http://www.digitalbond.com/wiki/index.php/citectscada_stack_overflow_vulnerability"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2639"
},
{
"trust": 0.8,
"url": "http://www.frsirt.com/english/advisories/2008/1803"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu476345/"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-2639"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/493272/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/1834/references"
},
{
"trust": 0.3,
"url": "http://www.citect.com"
},
{
"trust": 0.3,
"url": "/archive/1/493272"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19041/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_specialist/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19042/"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/about_secunia/64/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19043/"
},
{
"trust": 0.1,
"url": "http://www.citect.com/index.php?option=com_content\u0026task=view\u0026id=94\u0026itemid=151"
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com/files/attachments/core_security_advisories.asc."
},
{
"trust": 0.1,
"url": "http://enigmail.mozdev.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2639"
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com."
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com/corelabs/."
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com/corelabs/"
},
{
"trust": 0.1,
"url": "http://www.citect.com/documents/whitepapers/scada%20security%20whitepaper.pdf"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#476345"
},
{
"db": "BID",
"id": "29634"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001454"
},
{
"db": "PACKETSTORM",
"id": "67260"
},
{
"db": "PACKETSTORM",
"id": "67189"
},
{
"db": "CNNVD",
"id": "CNNVD-200806-217"
},
{
"db": "NVD",
"id": "CVE-2008-2639"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d760002-463f-11e9-b563-000c29342cb1"
},
{
"db": "IVD",
"id": "b0301a90-23cd-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#476345"
},
{
"db": "CNVD",
"id": "CNVD-2008-2883"
},
{
"db": "BID",
"id": "29634"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001454"
},
{
"db": "PACKETSTORM",
"id": "67260"
},
{
"db": "PACKETSTORM",
"id": "67189"
},
{
"db": "CNNVD",
"id": "CNNVD-200806-217"
},
{
"db": "NVD",
"id": "CVE-2008-2639"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-06-11T00:00:00",
"db": "IVD",
"id": "7d760002-463f-11e9-b563-000c29342cb1"
},
{
"date": "2008-06-11T00:00:00",
"db": "IVD",
"id": "b0301a90-23cd-11e6-abef-000c29c66e3d"
},
{
"date": "2008-06-11T00:00:00",
"db": "CERT/CC",
"id": "VU#476345"
},
{
"date": "2008-06-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2008-2883"
},
{
"date": "2008-06-11T00:00:00",
"db": "BID",
"id": "29634"
},
{
"date": "2008-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001454"
},
{
"date": "2008-06-13T01:45:00",
"db": "PACKETSTORM",
"id": "67260"
},
{
"date": "2008-06-11T18:49:38",
"db": "PACKETSTORM",
"id": "67189"
},
{
"date": "2008-06-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200806-217"
},
{
"date": "2008-06-16T18:41:00",
"db": "NVD",
"id": "CVE-2008-2639"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-10-08T00:00:00",
"db": "CERT/CC",
"id": "VU#476345"
},
{
"date": "2008-06-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2008-2883"
},
{
"date": "2008-09-08T17:51:00",
"db": "BID",
"id": "29634"
},
{
"date": "2008-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001454"
},
{
"date": "2009-01-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200806-217"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2008-2639"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "67189"
},
{
"db": "CNNVD",
"id": "CNNVD-200806-217"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Citect SCADA ODBC Server Remote Stack Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d760002-463f-11e9-b563-000c29342cb1"
},
{
"db": "IVD",
"id": "b0301a90-23cd-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2008-2883"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "7d760002-463f-11e9-b563-000c29342cb1"
},
{
"db": "IVD",
"id": "b0301a90-23cd-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-200806-217"
}
],
"trust": 1.0
}
}
VAR-200703-0565
Vulnerability from variot - Updated: 2025-04-10 23:13Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to cause a denial of service (crash) via a long (1) GET or (2) PUT request, which triggers memory corruption. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. D-Link TFTP Server is a TFTP service program built into D-Link wireless AP. D-Link TFTP Server has a vulnerability in processing malformed TFTP access requests, and remote attackers may use this vulnerability to control the server. Test code: http://www.securityfocus.com/data/vulnerabilities/exploits/22923.rb Patching plan: The vendor has not released upgrade patches for the time being, please pay attention to the vendor address in time: http://www.dlink.com. D-Link TFTP is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer. Given the nature of this issue, the attacker may presumably be able to execute code. D-Link TFTP 1.0 is vulnerable; other versions may also be affected.
Want a new job? http://secunia.com/secunia_vacancies/
Secunia is looking for new researchers with a reversing background and experience in writing exploit code: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ http://secunia.com/Disassembling_og_Reversing/
TITLE: D-Link TFTP Server Data Handling Memory Corruption
SECUNIA ADVISORY ID: SA24360
VERIFY ADVISORY: http://secunia.com/advisories/24360/
CRITICAL: Moderately critical
IMPACT: System access
WHERE:
From local network
SOFTWARE: D-Link TFTP Server 1.x http://secunia.com/product/13596/
DESCRIPTION: Parvez Anwar has discovered a vulnerability in D-Link TFTP Server, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an error within the handling of received data. This can be exploited to corrupt certain structures in memory via an overly long (greater than 300 bytes), specially crafted GET or PUT request.
The vulnerability is confirmed in version 1.0.
SOLUTION: Use in a trusted network environment only.
PROVIDED AND/OR DISCOVERED BY: Parvez Anwar
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200703-0565",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tftp server",
"scope": "eq",
"trust": 2.7,
"vendor": "d link",
"version": "1.0"
},
{
"model": null,
"scope": null,
"trust": 1.2,
"vendor": "none",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-1848"
},
{
"db": "CNVD",
"id": "CNVD-2007-1847"
},
{
"db": "BID",
"id": "22923"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001692"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-350"
},
{
"db": "NVD",
"id": "CVE-2007-1435"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:d-link:tftp_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001692"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Parvez Anwar",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-350"
}
],
"trust": 0.6
},
"cve": "CVE-2007-1435",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2007-1435",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-24797",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-1435",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2007-1435",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200703-350",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-24797",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-24797"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001692"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-350"
},
{
"db": "NVD",
"id": "CVE-2007-1435"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to cause a denial of service (crash) via a long (1) GET or (2) PUT request, which triggers memory corruption. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. D-Link TFTP Server is a TFTP service program built into D-Link wireless AP. D-Link TFTP Server has a vulnerability in processing malformed TFTP access requests, and remote attackers may use this vulnerability to control the server. Test code: http://www.securityfocus.com/data/vulnerabilities/exploits/22923.rb Patching plan: The vendor has not released upgrade patches for the time being, please pay attention to the vendor address in time: http://www.dlink.com. D-Link TFTP is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer. Given the nature of this issue, the attacker may presumably be able to execute code. \nD-Link TFTP 1.0 is vulnerable; other versions may also be affected. \n\n----------------------------------------------------------------------\n\nWant a new job?\nhttp://secunia.com/secunia_vacancies/\n\nSecunia is looking for new researchers with a reversing background\nand experience in writing exploit code:\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\nhttp://secunia.com/Disassembling_og_Reversing/\n\n----------------------------------------------------------------------\n\nTITLE:\nD-Link TFTP Server Data Handling Memory Corruption\n\nSECUNIA ADVISORY ID:\nSA24360\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/24360/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nD-Link TFTP Server 1.x\nhttp://secunia.com/product/13596/\n\nDESCRIPTION:\nParvez Anwar has discovered a vulnerability in D-Link TFTP Server,\nwhich can be exploited by malicious people to compromise a vulnerable\nsystem. \n\nThe vulnerability is caused due to an error within the handling of\nreceived data. This can be exploited to corrupt certain structures in\nmemory via an overly long (greater than 300 bytes), specially crafted\nGET or PUT request. \n\nThe vulnerability is confirmed in version 1.0. \n\nSOLUTION:\nUse in a trusted network environment only. \n\nPROVIDED AND/OR DISCOVERED BY:\nParvez Anwar\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-1435"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001692"
},
{
"db": "CNVD",
"id": "CNVD-2007-1848"
},
{
"db": "CNVD",
"id": "CNVD-2007-1847"
},
{
"db": "BID",
"id": "22923"
},
{
"db": "VULHUB",
"id": "VHN-24797"
},
{
"db": "PACKETSTORM",
"id": "54996"
}
],
"trust": 3.15
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-24797",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-24797"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-1435",
"trust": 3.4
},
{
"db": "BID",
"id": "22923",
"trust": 2.6
},
{
"db": "SECUNIA",
"id": "24360",
"trust": 2.4
},
{
"db": "OSVDB",
"id": "33977",
"trust": 2.3
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001692",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2007-1848",
"trust": 0.6
},
{
"db": "CNCVE",
"id": "CNCVE-20071435",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2007-1847",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200703-350",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "29735",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "16345",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-83218",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-70862",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "83123",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-24797",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "54996",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-1848"
},
{
"db": "CNVD",
"id": "CNVD-2007-1847"
},
{
"db": "VULHUB",
"id": "VHN-24797"
},
{
"db": "BID",
"id": "22923"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001692"
},
{
"db": "PACKETSTORM",
"id": "54996"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-350"
},
{
"db": "NVD",
"id": "CVE-2007-1435"
}
]
},
"id": "VAR-200703-0565",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-1848"
},
{
"db": "CNVD",
"id": "CNVD-2007-1847"
},
{
"db": "VULHUB",
"id": "VHN-24797"
}
],
"trust": 0.13
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-1848"
},
{
"db": "CNVD",
"id": "CNVD-2007-1847"
}
]
},
"last_update_date": "2025-04-10T23:13:20.241000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.dlink.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001692"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-1435"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://osvdb.org/33977"
},
{
"trust": 2.3,
"url": "http://secunia.com/advisories/24360"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/22923"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1435"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1435"
},
{
"trust": 0.3,
"url": "http://www.dlink.com.sg/products/?pid=308"
},
{
"trust": 0.3,
"url": "http://www.d-link.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/24360/"
},
{
"trust": 0.1,
"url": "http://secunia.com/disassembling_og_reversing/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13596/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-1847"
},
{
"db": "VULHUB",
"id": "VHN-24797"
},
{
"db": "BID",
"id": "22923"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001692"
},
{
"db": "PACKETSTORM",
"id": "54996"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-350"
},
{
"db": "NVD",
"id": "CVE-2007-1435"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2007-1848"
},
{
"db": "CNVD",
"id": "CNVD-2007-1847"
},
{
"db": "VULHUB",
"id": "VHN-24797"
},
{
"db": "BID",
"id": "22923"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001692"
},
{
"db": "PACKETSTORM",
"id": "54996"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-350"
},
{
"db": "NVD",
"id": "CVE-2007-1435"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-1848"
},
{
"date": "2007-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-1847"
},
{
"date": "2007-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-24797"
},
{
"date": "2007-03-12T00:00:00",
"db": "BID",
"id": "22923"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001692"
},
{
"date": "2007-03-13T00:30:19",
"db": "PACKETSTORM",
"id": "54996"
},
{
"date": "2007-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-350"
},
{
"date": "2007-03-13T19:19:00",
"db": "NVD",
"id": "CVE-2007-1435"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-1848"
},
{
"date": "2007-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-1847"
},
{
"date": "2008-11-13T00:00:00",
"db": "VULHUB",
"id": "VHN-24797"
},
{
"date": "2015-05-12T19:29:00",
"db": "BID",
"id": "22923"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001692"
},
{
"date": "2007-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-350"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-1435"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-350"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link TFTP Server Vulnerable to buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001692"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-350"
}
],
"trust": 0.6
}
}
VAR-200712-0406
Vulnerability from variot - Updated: 2025-04-10 23:11Gesytec Easylon OPC Server before 2.3.44 does not properly validate server handles, which allows remote attackers to execute arbitrary code or cause a denial of service via unspecified network traffic to the OLE for Process Control (OPC) interface, probably related to free operations on arbitrary memory addresses through certain Remove functions, and read and write operations on arbitrary memory addresses through certain Set, Read, and Write functions. Gesytec Easylon OPC Server Does not properly validate the server handle, so arbitrary code may be executed or denial of service (DoS) There is a vulnerability that will be in a state. Easylon OPC Server is a system control server software used in the field of industrial automation. This issue affects versions prior to Easylon OPC Server 2.3.44.
2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively.
The vulnerability is caused due to an error when validating server handles and can be exploited to e.g.
SOLUTION: Update to version 2.3.44 or later. ftp://ftp.gesytec.de/pub/opc/
PROVIDED AND/OR DISCOVERED BY: Neutralbit
ORIGINAL ADVISORY: VU#205073: http://www.kb.cert.org/vuls/id/205073
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200712-0406",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "opc server",
"scope": "eq",
"trust": 1.6,
"vendor": "gesytec easylon",
"version": "2.30.32"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gesytec",
"version": null
},
{
"model": "opc server",
"scope": "lt",
"trust": 0.8,
"vendor": "gesytec easylon",
"version": "2.3.44"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "opc server",
"version": "2.30.32"
},
{
"model": "easylon opc server",
"scope": "eq",
"trust": 0.3,
"vendor": "gesytec",
"version": "2.30.32"
},
{
"model": "easylon opc server",
"scope": "eq",
"trust": 0.3,
"vendor": "gesytec",
"version": "2.0"
},
{
"model": "easylon opc server",
"scope": "ne",
"trust": 0.3,
"vendor": "gesytec",
"version": "2.3.44"
}
],
"sources": [
{
"db": "IVD",
"id": "7d75b1de-463f-11e9-a03e-000c29342cb1"
},
{
"db": "IVD",
"id": "18d7792a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#205073"
},
{
"db": "CNVD",
"id": "CNVD-2007-7002"
},
{
"db": "BID",
"id": "26876"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002540"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-200"
},
{
"db": "NVD",
"id": "CVE-2007-4473"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:gesytec_easylon:opc_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002540"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NeutralBit http://www.neutralbit.com/",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200712-200"
}
],
"trust": 0.6
},
"cve": "CVE-2007-4473",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2007-4473",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "7d75b1de-463f-11e9-a03e-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "18d7792a-2352-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-4473",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#205073",
"trust": 0.8,
"value": "4.50"
},
{
"author": "NVD",
"id": "CVE-2007-4473",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200712-200",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7d75b1de-463f-11e9-a03e-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "18d7792a-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d75b1de-463f-11e9-a03e-000c29342cb1"
},
{
"db": "IVD",
"id": "18d7792a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#205073"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002540"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-200"
},
{
"db": "NVD",
"id": "CVE-2007-4473"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gesytec Easylon OPC Server before 2.3.44 does not properly validate server handles, which allows remote attackers to execute arbitrary code or cause a denial of service via unspecified network traffic to the OLE for Process Control (OPC) interface, probably related to free operations on arbitrary memory addresses through certain Remove functions, and read and write operations on arbitrary memory addresses through certain Set, Read, and Write functions. Gesytec Easylon OPC Server Does not properly validate the server handle, so arbitrary code may be executed or denial of service (DoS) There is a vulnerability that will be in a state. Easylon OPC Server is a system control server software used in the field of industrial automation. \nThis issue affects versions prior to Easylon OPC Server 2.3.44. \n\n----------------------------------------------------------------------\n\n2003: 2,700 advisories published\n2004: 3,100 advisories published\n2005: 4,600 advisories published\n2006: 5,300 advisories published\n\nHow do you know which Secunia advisories are important to you?\n\nThe Secunia Vulnerability Intelligence Solutions allows you to filter\nand structure all the information you need, so you can address issues\neffectively. \n\nThe vulnerability is caused due to an error when validating server\nhandles and can be exploited to e.g. \n\nSOLUTION:\nUpdate to version 2.3.44 or later. \nftp://ftp.gesytec.de/pub/opc/\n\nPROVIDED AND/OR DISCOVERED BY:\nNeutralbit\n\nORIGINAL ADVISORY:\nVU#205073:\nhttp://www.kb.cert.org/vuls/id/205073\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-4473"
},
{
"db": "CERT/CC",
"id": "VU#205073"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002540"
},
{
"db": "CNVD",
"id": "CNVD-2007-7002"
},
{
"db": "BID",
"id": "26876"
},
{
"db": "IVD",
"id": "7d75b1de-463f-11e9-a03e-000c29342cb1"
},
{
"db": "IVD",
"id": "18d7792a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "61853"
}
],
"trust": 3.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-4473",
"trust": 3.7
},
{
"db": "CERT/CC",
"id": "VU#205073",
"trust": 3.6
},
{
"db": "BID",
"id": "26876",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "28079",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "42650",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2007-7002",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-200712-200",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002540",
"trust": 0.8
},
{
"db": "XF",
"id": "39062",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "11286",
"trust": 0.6
},
{
"db": "IVD",
"id": "7D75B1DE-463F-11E9-A03E-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "18D7792A-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "61853",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d75b1de-463f-11e9-a03e-000c29342cb1"
},
{
"db": "IVD",
"id": "18d7792a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#205073"
},
{
"db": "CNVD",
"id": "CNVD-2007-7002"
},
{
"db": "BID",
"id": "26876"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002540"
},
{
"db": "PACKETSTORM",
"id": "61853"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-200"
},
{
"db": "NVD",
"id": "CVE-2007-4473"
}
]
},
"id": "VAR-200712-0406",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d75b1de-463f-11e9-a03e-000c29342cb1"
},
{
"db": "IVD",
"id": "18d7792a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2007-7002"
}
],
"trust": 0.1
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d75b1de-463f-11e9-a03e-000c29342cb1"
},
{
"db": "IVD",
"id": "18d7792a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2007-7002"
}
]
},
"last_update_date": "2025-04-10T23:11:32.771000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.gesytec.de/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002540"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002540"
},
{
"db": "NVD",
"id": "CVE-2007-4473"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/205073"
},
{
"trust": 2.4,
"url": "http://www.neutralbit.com/en/rd/opctest/"
},
{
"trust": 1.6,
"url": "http://www.neutralbit.com/downloads/nb-nb-001-ext-opc%20security%20testing.pdf"
},
{
"trust": 1.6,
"url": "http://osvdb.org/42650"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/26876"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/28079"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39062"
},
{
"trust": 0.8,
"url": "ftp://ftp.gesytec.de/pub/opc/"
},
{
"trust": 0.8,
"url": "http://www.cpni.gov.uk/docs/re-20050223-00157.pdf"
},
{
"trust": 0.8,
"url": "http://www.opcfoundation.org/default.aspx/01_about/01_whatis.asp?mid=aboutopc"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/wiki/ole_for_process_control"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4473"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4473"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/39062"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/11286"
},
{
"trust": 0.3,
"url": "http://www.gesytec.de/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28079/"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/16967/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#205073"
},
{
"db": "BID",
"id": "26876"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002540"
},
{
"db": "PACKETSTORM",
"id": "61853"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-200"
},
{
"db": "NVD",
"id": "CVE-2007-4473"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d75b1de-463f-11e9-a03e-000c29342cb1"
},
{
"db": "IVD",
"id": "18d7792a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#205073"
},
{
"db": "CNVD",
"id": "CNVD-2007-7002"
},
{
"db": "BID",
"id": "26876"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002540"
},
{
"db": "PACKETSTORM",
"id": "61853"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-200"
},
{
"db": "NVD",
"id": "CVE-2007-4473"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-12-14T00:00:00",
"db": "IVD",
"id": "7d75b1de-463f-11e9-a03e-000c29342cb1"
},
{
"date": "2007-12-14T00:00:00",
"db": "IVD",
"id": "18d7792a-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2007-12-14T00:00:00",
"db": "CERT/CC",
"id": "VU#205073"
},
{
"date": "2007-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-7002"
},
{
"date": "2007-12-14T00:00:00",
"db": "BID",
"id": "26876"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002540"
},
{
"date": "2007-12-18T00:56:59",
"db": "PACKETSTORM",
"id": "61853"
},
{
"date": "2007-12-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200712-200"
},
{
"date": "2007-12-17T21:46:00",
"db": "NVD",
"id": "CVE-2007-4473"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-01-10T00:00:00",
"db": "CERT/CC",
"id": "VU#205073"
},
{
"date": "2007-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-7002"
},
{
"date": "2007-12-17T21:01:00",
"db": "BID",
"id": "26876"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002540"
},
{
"date": "2007-12-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200712-200"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-4473"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200712-200"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Easylon OPC Server Arbitrary code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d75b1de-463f-11e9-a03e-000c29342cb1"
},
{
"db": "IVD",
"id": "18d7792a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2007-7002"
},
{
"db": "BID",
"id": "26876"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-200"
}
],
"trust": 1.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "7d75b1de-463f-11e9-a03e-000c29342cb1"
},
{
"db": "IVD",
"id": "18d7792a-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-200"
}
],
"trust": 1.0
}
}
VAR-200708-0003
Vulnerability from variot - Updated: 2025-04-10 23:09Unspecified vulnerability in Atheros 802.11 a/b/g wireless adapter drivers before 5.3.0.35, and 6.x before 6.0.3.67, on Windows allows remote attackers to cause a denial of service via a crafted 802.11 management frame. Atheros wireless drivers fail to properly handle malformed wireless frames. This vulnerability may allow a remote, unauthenticated attacker to create a denial-of-service condition. Atheros Provided by the company Microsoft Windows The wireless network driver for is vulnerable to the frame handling part. Crafted 802.11 Sending a management frame causes a buffer overflow, resulting in service disruption ( DoS ) You may be attacked. 802.11b, 802.11g, 802.11n Management frames in are not encrypted and do not require authentication to be sent. further, WEP And WPA It has been found that even if wireless communication encryption such as is affected by this vulnerability. Linux And UNIX Used in NDISWrapper And using vulnerable drivers with similar technologies may also be affected.
The driver did not adequately check for malformed management frames, and a remote attacker could trigger an overflow by sending a specially constructed 802.11 management frame that requires no authentication or encryption. Atheros drivers are also used by OEM (Original Equipment Manufacturer) wireless adapters. This issue is reported to affect drivers for the Windows operating system.
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors.
SOLUTION: The vendor has reportedly issued firmware updates (versions 5.3.0.35 and 6.0.3.67 and later) to OEMs.
PROVIDED AND/OR DISCOVERED BY: Reported via US-CERT.
ORIGINAL ADVISORY: US-CERT VU#730169: http://www.kb.cert.org/vuls/id/730169
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200708-0003",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "all windows",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "atheros",
"version": null
},
{
"model": "driver",
"scope": "eq",
"trust": 0.8,
"vendor": "atheros",
"version": "version 5.3.0 system (atheros 802.11 a/b/g)"
},
{
"model": "driver",
"scope": "eq",
"trust": 0.8,
"vendor": "atheros",
"version": "version 6.0.3 system (atheros 802.11 a/b/g)"
},
{
"model": "celsius work station",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "fmv desktop",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "fmv thin client",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "fmv-biblo",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "fmv-biblo loox",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "fmv-deskpower",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "fmv-esprimo",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "fmv-lifebook",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "fmv-stylistic",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "wireless adapter drivers",
"scope": "eq",
"trust": 0.6,
"vendor": "atheros",
"version": "6.0.3.67"
},
{
"model": "wireless adapter drivers",
"scope": "eq",
"trust": 0.6,
"vendor": "atheros",
"version": "5.1.1.9"
},
{
"model": "communications wireless driver a/b/g",
"scope": "eq",
"trust": 0.3,
"vendor": "atheros",
"version": "802.110"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#730169"
},
{
"db": "CNVD",
"id": "CNVD-2007-4814"
},
{
"db": "BID",
"id": "25160"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000565"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-075"
},
{
"db": "NVD",
"id": "CVE-2007-2927"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:atheros:wireless_adapter_drivers",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fujitsu:celsius_workstation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fujitsu:fmv_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fujitsu:fmv_thin_client",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fujitsu:fmv-biblo",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fujitsu:fmv-biblo_loox",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fujitsu:fmv-deskpower",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fujitsu:fmv-esprimo",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fujitsu:fmv-lifebook",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:fujitsu:fmv-stylistic",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-000565"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nicholas Krasny",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200708-075"
}
],
"trust": 0.6
},
"cve": "CVE-2007-2927",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2007-2927",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-26289",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-2927",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#730169",
"trust": 0.8,
"value": "0.77"
},
{
"author": "NVD",
"id": "CVE-2007-2927",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200708-075",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-26289",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#730169"
},
{
"db": "VULHUB",
"id": "VHN-26289"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000565"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-075"
},
{
"db": "NVD",
"id": "CVE-2007-2927"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in Atheros 802.11 a/b/g wireless adapter drivers before 5.3.0.35, and 6.x before 6.0.3.67, on Windows allows remote attackers to cause a denial of service via a crafted 802.11 management frame. Atheros wireless drivers fail to properly handle malformed wireless frames. This vulnerability may allow a remote, unauthenticated attacker to create a denial-of-service condition. Atheros Provided by the company Microsoft Windows The wireless network driver for is vulnerable to the frame handling part. Crafted 802.11 Sending a management frame causes a buffer overflow, resulting in service disruption ( DoS ) You may be attacked. 802.11b, 802.11g, 802.11n Management frames in are not encrypted and do not require authentication to be sent. further, WEP And WPA It has been found that even if wireless communication encryption such as is affected by this vulnerability. Linux And UNIX Used in NDISWrapper And using vulnerable drivers with similar technologies may also be affected. \n\n\u00a0The driver did not adequately check for malformed management frames, and a remote attacker could trigger an overflow by sending a specially constructed 802.11 management frame that requires no authentication or encryption. \nAtheros drivers are also used by OEM (Original Equipment Manufacturer) wireless adapters. \nThis issue is reported to affect drivers for the Windows operating system. \n\n----------------------------------------------------------------------\n\nBETA test the new Secunia Personal Software Inspector!\n\nThe Secunia PSI detects installed software on your computer and\ncategorises it as either Insecure, End-of-Life, or Up-To-Date. \nEffectively enabling you to focus your attention on software\ninstallations where more secure versions are available from the\nvendors. \n\nSOLUTION:\nThe vendor has reportedly issued firmware updates (versions 5.3.0.35\nand 6.0.3.67 and later) to OEMs. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported via US-CERT. \n\nORIGINAL ADVISORY:\nUS-CERT VU#730169:\nhttp://www.kb.cert.org/vuls/id/730169\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-2927"
},
{
"db": "CERT/CC",
"id": "VU#730169"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000565"
},
{
"db": "CNVD",
"id": "CNVD-2007-4814"
},
{
"db": "BID",
"id": "25160"
},
{
"db": "VULHUB",
"id": "VHN-26289"
},
{
"db": "PACKETSTORM",
"id": "58395"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#730169",
"trust": 3.7
},
{
"db": "NVD",
"id": "CVE-2007-2927",
"trust": 3.4
},
{
"db": "SECUNIA",
"id": "26348",
"trust": 2.7
},
{
"db": "BID",
"id": "25160",
"trust": 2.0
},
{
"db": "VUPEN",
"id": "ADV-2007-2756",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "37992",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000565",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2007-4814",
"trust": 0.6
},
{
"db": "XF",
"id": "35788",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200708-075",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-26289",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "58395",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#730169"
},
{
"db": "CNVD",
"id": "CNVD-2007-4814"
},
{
"db": "VULHUB",
"id": "VHN-26289"
},
{
"db": "BID",
"id": "25160"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000565"
},
{
"db": "PACKETSTORM",
"id": "58395"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-075"
},
{
"db": "NVD",
"id": "CVE-2007-2927"
}
]
},
"id": "VAR-200708-0003",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-26289"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T23:09:44.204000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.atheros.com/"
},
{
"title": "Atheros\u793e\u88fd\u7121\u7dda\uff08\u30ef\u30a4\u30e4\u30ec\u30b9\uff09LAN\u30c9\u30e9\u30a4\u30d0\u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/atheros/wlan/"
},
{
"title": "VU#730169",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/vu730169.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-000565"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-2927"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.kb.cert.org/vuls/id/730169"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/25160"
},
{
"trust": 1.7,
"url": "http://osvdb.org/37992"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26348"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/2756"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35788"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/26348/"
},
{
"trust": 0.8,
"url": "http://www.atheros.com/contact/index.html"
},
{
"trust": 0.8,
"url": "http://standards.ieee.org/announcements/pr_frames.html"
},
{
"trust": 0.8,
"url": "http://standards.ieee.org/getieee802/download/802.11-1999.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2927"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu%23730169/index.html"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2927"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/2756"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/35788"
},
{
"trust": 0.3,
"url": "http://www.atheros.com"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/15189/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#730169"
},
{
"db": "VULHUB",
"id": "VHN-26289"
},
{
"db": "BID",
"id": "25160"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000565"
},
{
"db": "PACKETSTORM",
"id": "58395"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-075"
},
{
"db": "NVD",
"id": "CVE-2007-2927"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#730169"
},
{
"db": "CNVD",
"id": "CNVD-2007-4814"
},
{
"db": "VULHUB",
"id": "VHN-26289"
},
{
"db": "BID",
"id": "25160"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000565"
},
{
"db": "PACKETSTORM",
"id": "58395"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-075"
},
{
"db": "NVD",
"id": "CVE-2007-2927"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-08-01T00:00:00",
"db": "CERT/CC",
"id": "VU#730169"
},
{
"date": "2007-08-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-4814"
},
{
"date": "2007-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-26289"
},
{
"date": "2007-08-01T00:00:00",
"db": "BID",
"id": "25160"
},
{
"date": "2007-08-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000565"
},
{
"date": "2007-08-10T02:01:07",
"db": "PACKETSTORM",
"id": "58395"
},
{
"date": "2007-08-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200708-075"
},
{
"date": "2007-08-08T01:17:00",
"db": "NVD",
"id": "CVE-2007-2927"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-12-12T00:00:00",
"db": "CERT/CC",
"id": "VU#730169"
},
{
"date": "2007-08-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-4814"
},
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-26289"
},
{
"date": "2007-08-02T20:55:00",
"db": "BID",
"id": "25160"
},
{
"date": "2007-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000565"
},
{
"date": "2007-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200708-075"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-2927"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200708-075"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Atheros wireless network drivers may fail to properly handle malformed frames",
"sources": [
{
"db": "CERT/CC",
"id": "VU#730169"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200708-075"
}
],
"trust": 0.6
}
}
VAR-200612-0411
Vulnerability from variot - Updated: 2025-04-10 23:07Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before 02-11-/K on Windows, and P-1B44-A121 before 02-10-/V on HP-UX, allows remote attackers to execute arbitrary code via crafted LDAP requests. Hitachi Directory Server is a directory server launched by Hitachi.
Secunia is proud to announce the availability of the Secunia Software Inspector.
The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor.
Try it out online: http://secunia.com/software_inspector/
TITLE: Hitachi Directory Server LDAP Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA23421
VERIFY ADVISORY: http://secunia.com/advisories/23421/
CRITICAL: Moderately critical
IMPACT: DoS, System access
WHERE:
From local network
SOFTWARE: Hitachi Directory Server 2.x http://secunia.com/product/4505/
DESCRIPTION: Some vulnerabilities have been reported in Hitachi Directory Server, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
The vulnerabilities are reported in version 2. Prior versions may also be affected.
SOLUTION: Update to version 02-11-/K (Windows) or 02-10-/V (HP-UX).
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.hitachi-support.com/security_e/vuls_e/HS06-018_e/index-e.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200612-0411",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "directory server 2",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "p_2444_a124_02_11_h"
},
{
"model": "directory server 2",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "p_1b44_a121_02_10_s"
},
{
"model": "directory server 2",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "p_2444_a124_02_11"
},
{
"model": "directory server 2",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "p_1b44_a121_02_10_q"
},
{
"model": "directory server 2",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "p_2444_a124_02_11_f"
},
{
"model": "directory server 2",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "p_1b44_a121_02_10"
},
{
"model": "directory server 2",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "p_2444_a124_02_01"
},
{
"model": "directory server 2",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "p_1b44_a121_02_10_p"
},
{
"model": "directory server 2",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "p_2444_a124_02_11_g"
},
{
"model": "directory server 2",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "p_2444_a124_02_00"
},
{
"model": "directory server 2",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "p_1b44_a121_02_01"
},
{
"model": "directory server 2",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "p_1b44_a121_02_00"
},
{
"model": "directory server 2",
"scope": "lt",
"trust": 0.8,
"vendor": "hitachi",
"version": "02-11-/k"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "directory server version p-2444-a124 02-11-/h",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "2"
},
{
"model": "directory server version p-2444-a124 02-11-/g",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "2"
},
{
"model": "directory server version p-2444-a124 02-11-/f",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "2"
},
{
"model": "directory server version p-2444-a124",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "202-11"
},
{
"model": "directory server version p-2444-a124",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "202-01"
},
{
"model": "directory server version p-2444-a124",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "202-00"
},
{
"model": "directory server version p-1b44-a121 02-10-/s",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "2"
},
{
"model": "directory server version p-1b44-a121 02-10-/q",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "2"
},
{
"model": "directory server version p-1b44-a121 02-10-/p",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "2"
},
{
"model": "directory server version p-1b44-a121",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "202-10"
},
{
"model": "directory server version p-1b44-a121",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "202-01"
},
{
"model": "directory server version p-1b44-a121",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "202-00"
},
{
"model": "directory server version p-2444-a124 02-11-/k",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "2"
},
{
"model": "directory server version p-2444-a121",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "202-10-/v"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-9290"
},
{
"db": "BID",
"id": "21692"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002634"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-489"
},
{
"db": "NVD",
"id": "CVE-2006-6713"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:hitachi:hitachi_directory_server_2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002634"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hitachi",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200612-489"
}
],
"trust": 0.6
},
"cve": "CVE-2006-6713",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2006-6713",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-6713",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2006-6713",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200612-489",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002634"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-489"
},
{
"db": "NVD",
"id": "CVE-2006-6713"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before 02-11-/K on Windows, and P-1B44-A121 before 02-10-/V on HP-UX, allows remote attackers to execute arbitrary code via crafted LDAP requests. Hitachi Directory Server is a directory server launched by Hitachi. \n\n----------------------------------------------------------------------\n\nSecunia is proud to announce the availability of the Secunia Software\nInspector. \n\nThe Secunia Software Inspector is a free service that detects insecure\nversions of software that you may have installed in your system. When\ninsecure versions are detected, the Secunia Software Inspector also\nprovides thorough guidelines for updating the software to the latest\nsecure version from the vendor. \n\nTry it out online:\nhttp://secunia.com/software_inspector/\n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi Directory Server LDAP Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA23421\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/23421/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS, System access\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nHitachi Directory Server 2.x\nhttp://secunia.com/product/4505/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Hitachi Directory Server,\nwhich can be exploited by malicious people to cause a DoS (Denial of\nService) or compromise a vulnerable system. \n\nThe vulnerabilities are reported in version 2. Prior versions may\nalso be affected. \n\nSOLUTION:\nUpdate to version 02-11-/K (Windows) or 02-10-/V (HP-UX). \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi-support.com/security_e/vuls_e/HS06-018_e/index-e.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-6713"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002634"
},
{
"db": "CNVD",
"id": "CNVD-2006-9290"
},
{
"db": "BID",
"id": "21692"
},
{
"db": "PACKETSTORM",
"id": "53146"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-6713",
"trust": 3.3
},
{
"db": "HITACHI",
"id": "HS06-018",
"trust": 2.0
},
{
"db": "BID",
"id": "21692",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "23421",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2006-5098",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002634",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2006-9290",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200612-489",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "53146",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-9290"
},
{
"db": "BID",
"id": "21692"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002634"
},
{
"db": "PACKETSTORM",
"id": "53146"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-489"
},
{
"db": "NVD",
"id": "CVE-2006-6713"
}
]
},
"id": "VAR-200612-0411",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-9290"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-9290"
}
]
},
"last_update_date": "2025-04-10T23:07:43.866000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HS06-018",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/pdf/HS06-018.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002634"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-6713"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/21692"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/23421"
},
{
"trust": 1.6,
"url": "http://www.hitachi-support.com/security_e/vuls_e/hs06-018_e/01-e.html"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2006/5098"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6713"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6713"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/5098"
},
{
"trust": 0.4,
"url": "http://www.hitachi-support.com/security_e/vuls_e/hs06-018_e/index-e.html"
},
{
"trust": 0.3,
"url": "http://www.hitachi.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/software_inspector/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/23421/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4505/"
}
],
"sources": [
{
"db": "BID",
"id": "21692"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002634"
},
{
"db": "PACKETSTORM",
"id": "53146"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-489"
},
{
"db": "NVD",
"id": "CVE-2006-6713"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2006-9290"
},
{
"db": "BID",
"id": "21692"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002634"
},
{
"db": "PACKETSTORM",
"id": "53146"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-489"
},
{
"db": "NVD",
"id": "CVE-2006-6713"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-9290"
},
{
"date": "2006-12-21T00:00:00",
"db": "BID",
"id": "21692"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002634"
},
{
"date": "2006-12-21T21:14:31",
"db": "PACKETSTORM",
"id": "53146"
},
{
"date": "2006-12-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200612-489"
},
{
"date": "2006-12-23T01:28:00",
"db": "NVD",
"id": "CVE-2006-6713"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-9290"
},
{
"date": "2016-07-06T14:40:00",
"db": "BID",
"id": "21692"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002634"
},
{
"date": "2007-01-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200612-489"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2006-6713"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200612-489"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hitachi Directory Server LDAP Request Multiple Security Vulnerabilities",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-9290"
},
{
"db": "CNNVD",
"id": "CNNVD-200612-489"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200612-489"
}
],
"trust": 0.6
}
}
VAR-200706-0408
Vulnerability from variot - Updated: 2025-04-10 23:07The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP address, which allows remote attackers to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID. D-Link DPH-540 / DPH-541 are popular wireless internet phone handsets.
There are vulnerabilities in DPH-540 / DPH-541 mobile phones when processing authentication of data requests. Remote attackers may use this vulnerability to send malicious messages to the device. An attacker can exploit this issue to bypass security restrictions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200706-0408",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dph-540",
"scope": "eq",
"trust": 1.6,
"vendor": "d link",
"version": "1.00.14"
},
{
"model": "dph-541",
"scope": "eq",
"trust": 1.6,
"vendor": "d link",
"version": "1.00.14"
},
{
"model": "dph-541",
"scope": "eq",
"trust": 1.6,
"vendor": "d link",
"version": "1.00.03"
},
{
"model": "dph-540",
"scope": "eq",
"trust": 1.6,
"vendor": "d link",
"version": "1.00.03"
},
{
"model": "dph-540",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dph-541",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "dph-540/dph-541",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-2208"
},
{
"db": "BID",
"id": "24560"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002225"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-363"
},
{
"db": "NVD",
"id": "CVE-2007-3347"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:d-link:dph-540",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:d-link:dph-541",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002225"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sipera VIPER Lab\u203b viper@sipera.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200706-363"
}
],
"trust": 0.6
},
"cve": "CVE-2007-3347",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2007-3347",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-26709",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-3347",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2007-3347",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200706-363",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-26709",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26709"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002225"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-363"
},
{
"db": "NVD",
"id": "CVE-2007-3347"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server\u0027s IP address, which allows remote attackers to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID. D-Link DPH-540 / DPH-541 are popular wireless internet phone handsets. \n\n\u00a0There are vulnerabilities in DPH-540 / DPH-541 mobile phones when processing authentication of data requests. Remote attackers may use this vulnerability to send malicious messages to the device. \nAn attacker can exploit this issue to bypass security restrictions",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3347"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002225"
},
{
"db": "CNVD",
"id": "CNVD-2007-2208"
},
{
"db": "BID",
"id": "24560"
},
{
"db": "VULHUB",
"id": "VHN-26709"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-3347",
"trust": 3.4
},
{
"db": "BID",
"id": "24560",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "25803",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-2320",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002225",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200706-363",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2007-2208",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-26709",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-2208"
},
{
"db": "VULHUB",
"id": "VHN-26709"
},
{
"db": "BID",
"id": "24560"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002225"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-363"
},
{
"db": "NVD",
"id": "CVE-2007-3347"
}
]
},
"id": "VAR-200706-0408",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-2208"
},
{
"db": "VULHUB",
"id": "VHN-26709"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-2208"
}
]
},
"last_update_date": "2025-04-10T23:07:27.285000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.dlink.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002225"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3347"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/24560"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/25803"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/2320"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35063"
},
{
"trust": 1.0,
"url": "http://www.sipera.com/index.php?action=resources%2cthreat_advisory\u0026tid=219\u0026"
},
{
"trust": 0.9,
"url": "http://www.sipera.com/index.php?action=resources,threat_advisory\u0026tid=219\u0026"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3347"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3347"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/2320"
},
{
"trust": 0.3,
"url": "http://www.d-link.com/"
},
{
"trust": 0.1,
"url": "http://www.sipera.com/index.php?action=resources,threat_advisory\u0026amp;tid=219\u0026amp;"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26709"
},
{
"db": "BID",
"id": "24560"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002225"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-363"
},
{
"db": "NVD",
"id": "CVE-2007-3347"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2007-2208"
},
{
"db": "VULHUB",
"id": "VHN-26709"
},
{
"db": "BID",
"id": "24560"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002225"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-363"
},
{
"db": "NVD",
"id": "CVE-2007-3347"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-2208"
},
{
"date": "2007-06-22T00:00:00",
"db": "VULHUB",
"id": "VHN-26709"
},
{
"date": "2007-03-26T00:00:00",
"db": "BID",
"id": "24560"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002225"
},
{
"date": "2007-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200706-363"
},
{
"date": "2007-06-22T18:30:00",
"db": "NVD",
"id": "CVE-2007-3347"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-2208"
},
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-26709"
},
{
"date": "2007-06-26T23:38:00",
"db": "BID",
"id": "24560"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002225"
},
{
"date": "2007-06-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200706-363"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-3347"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200706-363"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DPH-540/DPH-541 Any on the phone SIP Vulnerability used for communication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002225"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access verification error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200706-363"
}
],
"trust": 0.6
}
}
VAR-200803-0231
Vulnerability from variot - Updated: 2025-04-10 23:07Unspecified vulnerability in Apple AirPort Extreme Base Station Firmware 7.3.1 allows remote attackers to cause a denial of service (file sharing hang) via a crafted AFP request, related to "input validation.". Apple AirPort Extreme Base Station is a small wireless access solution.
Apple AirPort Extreme Base Station has a vulnerability in processing malformed requests. If a special AFP request is sent to the device, file sharing will become unresponsive. AirPort Extreme running firmware versions prior to 7.3.1 are affected. ----------------------------------------------------------------------
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.
SOLUTION: Update to one of the following firmware versions: * AirPort Extreme with 802.11n (Fast Ethernet) 7.3.1 * AirPort Extreme with 802.11n (Gigabit Ethernet) 7.3.1
PROVIDED AND/OR DISCOVERED BY: The vendor credits Alex deVries.
ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT1226
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200803-0231",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airport extreme base station",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "*"
},
{
"model": "airport extreme base station",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "firmware 7.3.1"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "airport extreme base station",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.3.1_firmware"
},
{
"model": "airport extreme",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2.1"
},
{
"model": "airport extreme",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.7"
},
{
"model": "airport extreme",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.5"
},
{
"model": "airport extreme",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "airport extreme",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "airport extreme",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2008-1536"
},
{
"db": "BID",
"id": "28348"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002778"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-329"
},
{
"db": "NVD",
"id": "CVE-2008-1012"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apple:apple_airport_extreme_base_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-002778"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alex deVries",
"sources": [
{
"db": "BID",
"id": "28348"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-329"
}
],
"trust": 0.9
},
"cve": "CVE-2008-1012",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2008-1012",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-31137",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-1012",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2008-1012",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200803-329",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-31137",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31137"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002778"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-329"
},
{
"db": "NVD",
"id": "CVE-2008-1012"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in Apple AirPort Extreme Base Station Firmware 7.3.1 allows remote attackers to cause a denial of service (file sharing hang) via a crafted AFP request, related to \"input validation.\". Apple AirPort Extreme Base Station is a small wireless access solution. \n\n\u00a0Apple AirPort Extreme Base Station has a vulnerability in processing malformed requests. If a special AFP request is sent to the device, file sharing will become unresponsive. \nAirPort Extreme running firmware versions prior to 7.3.1 are affected. ----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nSOLUTION:\nUpdate to one of the following firmware versions:\n* AirPort Extreme with 802.11n (Fast Ethernet) 7.3.1\n* AirPort Extreme with 802.11n (Gigabit Ethernet) 7.3.1\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Alex deVries. \n\nORIGINAL ADVISORY:\nApple:\nhttp://support.apple.com/kb/HT1226\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-1012"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002778"
},
{
"db": "CNVD",
"id": "CNVD-2008-1536"
},
{
"db": "BID",
"id": "28348"
},
{
"db": "VULHUB",
"id": "VHN-31137"
},
{
"db": "PACKETSTORM",
"id": "64802"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-1012",
"trust": 3.4
},
{
"db": "BID",
"id": "28348",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "29447",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2008-0955",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1019678",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002778",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200803-329",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2008-1536",
"trust": 0.6
},
{
"db": "XF",
"id": "41325",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2008-03-19",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-31137",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "64802",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2008-1536"
},
{
"db": "VULHUB",
"id": "VHN-31137"
},
{
"db": "BID",
"id": "28348"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002778"
},
{
"db": "PACKETSTORM",
"id": "64802"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-329"
},
{
"db": "NVD",
"id": "CVE-2008-1012"
}
]
},
"id": "VAR-200803-0231",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-31137"
}
],
"trust": 0.44065935
},
"last_update_date": "2025-04-10T23:07:15.945000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2008-03-19",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00002.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-002778"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31137"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002778"
},
{
"db": "NVD",
"id": "CVE-2008-1012"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://support.apple.com/kb/ht1226"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2008/mar/msg00002.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/28348"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1019678"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/29447"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/0955/references"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41325"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1012"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1012"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/41325"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/0955/references"
},
{
"trust": 0.3,
"url": "http://www.apple.com/airportextreme/"
},
{
"trust": 0.3,
"url": "http://software.cisco.com/download/navigator.html?mdfid=283613663"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/?page=changelog"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4504/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/29447/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31137"
},
{
"db": "BID",
"id": "28348"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002778"
},
{
"db": "PACKETSTORM",
"id": "64802"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-329"
},
{
"db": "NVD",
"id": "CVE-2008-1012"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2008-1536"
},
{
"db": "VULHUB",
"id": "VHN-31137"
},
{
"db": "BID",
"id": "28348"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002778"
},
{
"db": "PACKETSTORM",
"id": "64802"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-329"
},
{
"db": "NVD",
"id": "CVE-2008-1012"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2008-1536"
},
{
"date": "2008-03-20T00:00:00",
"db": "VULHUB",
"id": "VHN-31137"
},
{
"date": "2008-03-20T00:00:00",
"db": "BID",
"id": "28348"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-002778"
},
{
"date": "2008-03-21T22:30:18",
"db": "PACKETSTORM",
"id": "64802"
},
{
"date": "2008-03-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-329"
},
{
"date": "2008-03-20T10:44:00",
"db": "NVD",
"id": "CVE-2008-1012"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2008-1536"
},
{
"date": "2017-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-31137"
},
{
"date": "2008-03-20T21:30:00",
"db": "BID",
"id": "28348"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-002778"
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-329"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2008-1012"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-329"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple AirPort Extreme Base Station AFP Request Denial of Service Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2008-1536"
},
{
"db": "BID",
"id": "28348"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-329"
}
],
"trust": 1.5
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-329"
}
],
"trust": 0.6
}
}
VAR-200801-0248
Vulnerability from variot - Updated: 2025-04-10 23:00Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the main virtual directory. An attacker can run an executable server-side script ( Example: Windows Internet Information Server of ASP shell Etc.) or execute arbitrary commands with web server execution privileges. GE Fanuc Proficy Information Portal Is a web-based system status reporting system that connects production information systems and inter-enterprise networks and handles data such as production information online. This action could allow an attacker to access a vulnerable production information system.
The Proficy Real-Time Information Portal has a vulnerability in processing user requests, and remote attackers could use this vulnerability to control the server.
Proficy Real-Time Information Portal does not perform the correct Java RMI call to Add WebSource, allowing the user to set the name and path of the file location, and another parameter of the file itself is the base64-encoded content. A successful exploit can allow an attacker to upload arbitrary scripts and execute them in the context of the application. Proficy Real Time Information Portal 2.6 is vulnerable; other versions may also be affected. Background
GE-Fanuc's Proficy Information Portal 2.6 is a web based reporting application for the SCADA environment. As such it will usually be installed in a buffer zone between the SCADA and the corporate network, which makes it a very sensitive application as it can reach both networks.
Impact
An authenticated attacker can compromise the server running Proficy Information Portal, enabling him to progress to the control/process network.
Workaround/Fix
Vendor fix will be available by Feb 15th. A possible workaround is to remove the write permission of the IIS user from the Proficy directory.
Additional Information
For additional information please contact us at info@c4-security.com. Note that we will respond only to verified utility personnel and governmental agencies. The CVE identifier assigned to this vulnerability by CERT is CVE-2008-0175
Credit
This vulnerability was discovered and exploited by Eyal Udassin of C4.
Regards,
Eyal Udassin - C4 (Formerly Swift Coders) 33 Jabotinsky St. The Twin Towers #1, Ramat Gan, Israel eyal.udassin@c4-security.com / www.c4-security.com http://www.c4-security.com/ +972-547-684989 .
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.
Download and test it today: https://psi.secunia.com/
Read more about this new version: https://psi.secunia.com/?page=changelog
TITLE: Proficy Real-Time Information Portal "Add WebSource" File Upload Vulnerability
SECUNIA ADVISORY ID: SA28678
VERIFY ADVISORY: http://secunia.com/advisories/28678/
CRITICAL: Less critical
IMPACT: System access
WHERE:
From local network
SOFTWARE: Proficy Real-Time Information Portal 2.x http://secunia.com/product/17343/
DESCRIPTION: Eyal Udassin has reported a vulnerability in Proficy Real-Time Information Portal, which can be exploited by malicious users to compromise a vulnerable system.
The vulnerability is caused due to an error in the "Add WebSource" feature when handling file uploads. This can be exploited to e.g.
The vulnerability is reported in version 2.6. Other versions may also be affected.
SOLUTION: The vendor will reportedly release a SIM (Software Improvement Module) by February 15, 2008.
PROVIDED AND/OR DISCOVERED BY: Eyal Udassin, C4 Security
ORIGINAL ADVISORY: GE Fanuc (KB12460): http://support.gefanuc.com/support/index?page=kbchannel&id=KB12460
C4 Security (via BugTraq): http://archives.neohapsis.com/archives/bugtraq/2008-01/0373.html
OTHER REFERENCES: US-CERT VU#339345: http://www.kb.cert.org/vuls/id/339345
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200801-0248",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "proficy real-time information portal",
"scope": "lte",
"trust": 1.8,
"vendor": "ge fanuc",
"version": "2.6"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ge fanuc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "proficy real-time information portal",
"scope": "eq",
"trust": 0.6,
"vendor": "ge fanuc",
"version": "2.6"
},
{
"model": "fanuc proficy real-time information portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "2.6"
},
{
"model": "fanuc proficy real-time information portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "proficy real time information portal",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "06837a6c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#339345"
},
{
"db": "CNVD",
"id": "CNVD-2008-0433"
},
{
"db": "BID",
"id": "27446"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001055"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-409"
},
{
"db": "NVD",
"id": "CVE-2008-0175"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ge_fanuc:proficy_real-time_information_portal",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001055"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Eyal Udassin of C4",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200801-409"
}
],
"trust": 0.6
},
"cve": "CVE-2008-0175",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2008-0175",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "06837a6c-2352-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-0175",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#339345",
"trust": 0.8,
"value": "0.84"
},
{
"author": "NVD",
"id": "CVE-2008-0175",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200801-409",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "06837a6c-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "06837a6c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#339345"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001055"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-409"
},
{
"db": "NVD",
"id": "CVE-2008-0175"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the main virtual directory. An attacker can run an executable server-side script ( Example: Windows Internet Information Server of ASP shell Etc.) or execute arbitrary commands with web server execution privileges. GE Fanuc Proficy Information Portal Is a web-based system status reporting system that connects production information systems and inter-enterprise networks and handles data such as production information online. This action could allow an attacker to access a vulnerable production information system. \n\n\u00a0The Proficy Real-Time Information Portal has a vulnerability in processing user requests, and remote attackers could use this vulnerability to control the server. \n\n\u00a0Proficy Real-Time Information Portal does not perform the correct Java RMI call to Add WebSource, allowing the user to set the name and path of the file location, and another parameter of the file itself is the base64-encoded content. \nA successful exploit can allow an attacker to upload arbitrary scripts and execute them in the context of the application. \nProficy Real Time Information Portal 2.6 is vulnerable; other versions may also be affected. Background\n-----------------\nGE-Fanuc\u0027s Proficy Information Portal 2.6 is a web based reporting\napplication for the SCADA environment. As such it will usually be installed\nin a buffer zone between the SCADA and the corporate network, which makes it\na very sensitive application as it can reach both networks. \n\nImpact\n----------\nAn authenticated attacker can compromise the server running Proficy\nInformation Portal, enabling him to progress to the control/process network. \n \nWorkaround/Fix\n-----------------------\nVendor fix will be available by Feb 15th. \nA possible workaround is to remove the write permission of the IIS user from\nthe Proficy directory. \n \nAdditional Information\n-------------------------------\nFor additional information please contact us at info@c4-security.com. Note\nthat we will respond only to verified utility personnel and governmental\nagencies. \nThe CVE identifier assigned to this vulnerability by CERT is CVE-2008-0175\n \nCredit\n--------\nThis vulnerability was discovered and exploited by Eyal Udassin of C4. \n \nRegards,\n \nEyal Udassin - C4 (Formerly Swift Coders)\n33 Jabotinsky St. The Twin Towers #1, Ramat Gan, Israel\neyal.udassin@c4-security.com / www.c4-security.com\n\u003chttp://www.c4-security.com/\u003e \n+972-547-684989\n. \n\n----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nProficy Real-Time Information Portal \"Add WebSource\" File Upload\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA28678\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/28678/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nProficy Real-Time Information Portal 2.x\nhttp://secunia.com/product/17343/\n\nDESCRIPTION:\nEyal Udassin has reported a vulnerability in Proficy Real-Time\nInformation Portal, which can be exploited by malicious users to\ncompromise a vulnerable system. \n\nThe vulnerability is caused due to an error in the \"Add WebSource\"\nfeature when handling file uploads. This can be exploited to e.g. \n\nThe vulnerability is reported in version 2.6. Other versions may also\nbe affected. \n\nSOLUTION:\nThe vendor will reportedly release a SIM (Software Improvement\nModule) by February 15, 2008. \n\nPROVIDED AND/OR DISCOVERED BY:\nEyal Udassin, C4 Security\n\nORIGINAL ADVISORY:\nGE Fanuc (KB12460):\nhttp://support.gefanuc.com/support/index?page=kbchannel\u0026id=KB12460\n\nC4 Security (via BugTraq):\nhttp://archives.neohapsis.com/archives/bugtraq/2008-01/0373.html\n\nOTHER REFERENCES:\nUS-CERT VU#339345:\nhttp://www.kb.cert.org/vuls/id/339345\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-0175"
},
{
"db": "CERT/CC",
"id": "VU#339345"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001055"
},
{
"db": "CNVD",
"id": "CNVD-2008-0433"
},
{
"db": "BID",
"id": "27446"
},
{
"db": "IVD",
"id": "06837a6c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "63005"
},
{
"db": "PACKETSTORM",
"id": "63060"
}
],
"trust": 3.51
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-0175",
"trust": 3.6
},
{
"db": "CERT/CC",
"id": "VU#339345",
"trust": 3.0
},
{
"db": "BID",
"id": "27446",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "28678",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1019274",
"trust": 2.4
},
{
"db": "VUPEN",
"id": "ADV-2008-0307",
"trust": 1.6
},
{
"db": "SREASON",
"id": "3591",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2008-0433",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200801-409",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "0811",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001055",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20080125 C4 SECURITY ADVISORY - GE FANUC PROFICY INFORMATION PORTAL 2.6 ARBITRARY FILE UPLOAD AND EXECUTION",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080129 RE: C4 SECURITY ADVISORY - GE FANUC PROFICY INFORMATION PORTAL 2.6 ARBITRARY FILE UPLOAD AND EXECUTION",
"trust": 0.6
},
{
"db": "IVD",
"id": "06837A6C-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "63005",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "63060",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "06837a6c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#339345"
},
{
"db": "CNVD",
"id": "CNVD-2008-0433"
},
{
"db": "BID",
"id": "27446"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001055"
},
{
"db": "PACKETSTORM",
"id": "63005"
},
{
"db": "PACKETSTORM",
"id": "63060"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-409"
},
{
"db": "NVD",
"id": "CVE-2008-0175"
}
]
},
"id": "VAR-200801-0248",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "06837a6c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2008-0433"
}
],
"trust": 1.1820513
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "06837a6c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2008-0433"
}
]
},
"last_update_date": "2025-04-10T23:00:36.707000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Securing Your HMI/SCADA Systems",
"trust": 0.8,
"url": "http://www.gefanuc.com/as_en/gefanuc/resource_center/hmi_scada/hmiscada_security.html"
},
{
"title": "KB12460",
"trust": 0.8,
"url": "http://support.gefanuc.com/support/index?page=kbchannel\u0026id=KB12460"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001055"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-DesignError",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001055"
},
{
"db": "NVD",
"id": "CVE-2008-0175"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://support.gefanuc.com/support/index?page=kbchannel\u0026id=kb12460"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/28678"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/27446"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1019274"
},
{
"trust": 2.2,
"url": "http://www.kb.cert.org/vuls/id/339345"
},
{
"trust": 1.6,
"url": "http://securityreason.com/securityalert/3591"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/487079/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/487242/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2008/0307/references"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/archive/1/487079/30/0/threaded"
},
{
"trust": 0.8,
"url": "http://packetstormsecurity.org/0811-exploits/hooked_on_fanucs.rb.txt"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0175"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu%23339345/index.html"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0175"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/487079/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/487242/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/0307/references"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/current/index.html#ge_fanuc_product_vulnerabilities"
},
{
"trust": 0.3,
"url": "http://www.gefanuc.com/as_en/products_solutions/production_management/products/proficy_portal.html"
},
{
"trust": 0.3,
"url": "/archive/1/487079"
},
{
"trust": 0.3,
"url": "/archive/1/487242"
},
{
"trust": 0.1,
"url": "http://www.c4-security.com/\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0175"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/17343/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/?page=changelog"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28678/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-01/0373.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#339345"
},
{
"db": "BID",
"id": "27446"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001055"
},
{
"db": "PACKETSTORM",
"id": "63005"
},
{
"db": "PACKETSTORM",
"id": "63060"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-409"
},
{
"db": "NVD",
"id": "CVE-2008-0175"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "06837a6c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#339345"
},
{
"db": "CNVD",
"id": "CNVD-2008-0433"
},
{
"db": "BID",
"id": "27446"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001055"
},
{
"db": "PACKETSTORM",
"id": "63005"
},
{
"db": "PACKETSTORM",
"id": "63060"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-409"
},
{
"db": "NVD",
"id": "CVE-2008-0175"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-01-24T00:00:00",
"db": "IVD",
"id": "06837a6c-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2008-01-25T00:00:00",
"db": "CERT/CC",
"id": "VU#339345"
},
{
"date": "2008-01-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2008-0433"
},
{
"date": "2008-01-24T00:00:00",
"db": "BID",
"id": "27446"
},
{
"date": "2008-02-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001055"
},
{
"date": "2008-01-26T00:12:46",
"db": "PACKETSTORM",
"id": "63005"
},
{
"date": "2008-01-29T00:00:58",
"db": "PACKETSTORM",
"id": "63060"
},
{
"date": "2008-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200801-409"
},
{
"date": "2008-01-29T02:00:00",
"db": "NVD",
"id": "CVE-2008-0175"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-12-18T00:00:00",
"db": "CERT/CC",
"id": "VU#339345"
},
{
"date": "2008-01-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2008-0433"
},
{
"date": "2008-11-04T17:55:00",
"db": "BID",
"id": "27446"
},
{
"date": "2008-02-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001055"
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200801-409"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2008-0175"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200801-409"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE-Fanuc Proficy Real-Time Information Portal Remote script upload and execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "06837a6c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2008-0433"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design error",
"sources": [
{
"db": "IVD",
"id": "06837a6c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-409"
}
],
"trust": 0.8
}
}
VAR-200609-0527
Vulnerability from variot - Updated: 2025-04-10 22:58The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, has a hard-coded username and password, which allows remote attackers to gain administrative access via telnet. FiWin SS28S is a wireless IP phone from Taiwan.
FiWin SS28S has a default configuration error when processing access verification. Remote attackers may use this vulnerability to gain unauthorized access to sensitive information.
FiWin SS28S opens the VxWorks Telnet port by default and uses a hard-coded username and password (1/1). This allows attackers to bypass authentication restrictions, run various debug commands, and obtain various sensitive information. An attacker can exploit this issue to bypass authentication and gain access to the device's administrative section. This could aid in further attacks.
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit.
Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/
TITLE: Fi Win WiFi Phone SS28S Debug Console Security Issue
SECUNIA ADVISORY ID: SA22041
VERIFY ADVISORY: http://secunia.com/advisories/22041/
CRITICAL: Less critical
IMPACT: Security Bypass
WHERE:
From local network
OPERATING SYSTEM: Fi Win WiFi Phone SS28S http://secunia.com/product/12156/
DESCRIPTION: Zachary McGrew has reported a security issue in FiWin SS28S, which can be exploited by malicious people to gain unauthorised access to the phone. This can be exploited to e.g. disclose password information or perform various actions resulting in the phone crashing.
SOLUTION: Use the product within trusted networks only.
Use another product.
PROVIDED AND/OR DISCOVERED BY: Zachary McGrew
ORIGINAL ADVISORY: http://www.osnews.com/story.php/15923/Review-FiWin-SS28S-WiFi-VoIP-SIPSkype-Phone/page1/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200609-0527",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ss28s wifi voip sip skype phone",
"scope": "eq",
"trust": 1.6,
"vendor": "fiwin",
"version": "2007-02-01"
},
{
"model": "ss28s wifi voip sip skype phone",
"scope": "eq",
"trust": 0.8,
"vendor": "fiwin",
"version": "01_02_07"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "ss28s wifi voip sip skype phone",
"version": "2007-02-01"
},
{
"model": "ss28s wifi voip sip/skype phone 01 02 07",
"scope": null,
"trust": 0.3,
"vendor": "fiwin",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "7d7c4191-463f-11e9-8055-000c29342cb1"
},
{
"db": "IVD",
"id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2006-7318"
},
{
"db": "BID",
"id": "20154"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001322"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-476"
},
{
"db": "NVD",
"id": "CVE-2006-5038"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:fiwin:ss28s_wifi_voip_sip_skype_phone",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001322"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zachary McGrew",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-476"
}
],
"trust": 0.6
},
"cve": "CVE-2006-5038",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2006-5038",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d7c4191-463f-11e9-8055-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-5038",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2006-5038",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200609-476",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d7c4191-463f-11e9-8055-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d7c4191-463f-11e9-8055-000c29342cb1"
},
{
"db": "IVD",
"id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001322"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-476"
},
{
"db": "NVD",
"id": "CVE-2006-5038"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, has a hard-coded username and password, which allows remote attackers to gain administrative access via telnet. FiWin SS28S is a wireless IP phone from Taiwan. \n\n\u00a0FiWin SS28S has a default configuration error when processing access verification. Remote attackers may use this vulnerability to gain unauthorized access to sensitive information. \n\n\u00a0FiWin SS28S opens the VxWorks Telnet port by default and uses a hard-coded username and password (1/1). This allows attackers to bypass authentication restrictions, run various debug commands, and obtain various sensitive information. \nAn attacker can exploit this issue to bypass authentication and gain access to the device\u0027s administrative section. This could aid in further attacks. \n\n----------------------------------------------------------------------\n\nWant to work within IT-Security?\n\nSecunia is expanding its team of highly skilled security experts. \nWe will help with relocation and obtaining a work permit. \n\nCurrently the following type of positions are available:\nhttp://secunia.com/quality_assurance_analyst/\nhttp://secunia.com/web_application_security_specialist/ \nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nFi Win WiFi Phone SS28S Debug Console Security Issue\n\nSECUNIA ADVISORY ID:\nSA22041\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/22041/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nFi Win WiFi Phone SS28S\nhttp://secunia.com/product/12156/\n\nDESCRIPTION:\nZachary McGrew has reported a security issue in FiWin SS28S, which\ncan be exploited by malicious people to gain unauthorised access to\nthe phone. \nThis can be exploited to e.g. disclose password information or perform\nvarious actions resulting in the phone crashing. \n\nSOLUTION:\nUse the product within trusted networks only. \n\nUse another product. \n\nPROVIDED AND/OR DISCOVERED BY:\nZachary McGrew\n\nORIGINAL ADVISORY:\nhttp://www.osnews.com/story.php/15923/Review-FiWin-SS28S-WiFi-VoIP-SIPSkype-Phone/page1/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5038"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001322"
},
{
"db": "CNVD",
"id": "CNVD-2006-7318"
},
{
"db": "BID",
"id": "20154"
},
{
"db": "IVD",
"id": "7d7c4191-463f-11e9-8055-000c29342cb1"
},
{
"db": "IVD",
"id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "50407"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-5038",
"trust": 3.4
},
{
"db": "BID",
"id": "20154",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "22041",
"trust": 1.7
},
{
"db": "CNVD",
"id": "CNVD-2006-7318",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-200609-476",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001322",
"trust": 0.8
},
{
"db": "FULLDISC",
"id": "20060921 FIWIN SS28S WIFI VOIP SIP/SKYPE PHONE HARDCODED TELNET USER/PASS AND DEBUG ACCESS",
"trust": 0.6
},
{
"db": "XF",
"id": "28",
"trust": 0.6
},
{
"db": "XF",
"id": "29114",
"trust": 0.6
},
{
"db": "IVD",
"id": "7D7C4191-463F-11E9-8055-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "FA7C5AE8-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "50407",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d7c4191-463f-11e9-8055-000c29342cb1"
},
{
"db": "IVD",
"id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2006-7318"
},
{
"db": "BID",
"id": "20154"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001322"
},
{
"db": "PACKETSTORM",
"id": "50407"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-476"
},
{
"db": "NVD",
"id": "CVE-2006-5038"
}
]
},
"id": "VAR-200609-0527",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d7c4191-463f-11e9-8055-000c29342cb1"
},
{
"db": "IVD",
"id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2006-7318"
}
],
"trust": 0.1
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d7c4191-463f-11e9-8055-000c29342cb1"
},
{
"db": "IVD",
"id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2006-7318"
}
]
},
"last_update_date": "2025-04-10T22:58:01.336000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.fiwin.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001322"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5038"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/20154"
},
{
"trust": 1.6,
"url": "http://www.osnews.com/story.php/15923/review-fiwin-ss28s-wifi-voip-sipskype-phone/"
},
{
"trust": 1.6,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0391.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/22041"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29114"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5038"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5038"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/29114"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/22041/"
},
{
"trust": 0.1,
"url": "http://secunia.com/quality_assurance_analyst/"
},
{
"trust": 0.1,
"url": "http://www.osnews.com/story.php/15923/review-fiwin-ss28s-wifi-voip-sipskype-phone/page1/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/12156/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/web_application_security_specialist/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001322"
},
{
"db": "PACKETSTORM",
"id": "50407"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-476"
},
{
"db": "NVD",
"id": "CVE-2006-5038"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d7c4191-463f-11e9-8055-000c29342cb1"
},
{
"db": "IVD",
"id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2006-7318"
},
{
"db": "BID",
"id": "20154"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001322"
},
{
"db": "PACKETSTORM",
"id": "50407"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-476"
},
{
"db": "NVD",
"id": "CVE-2006-5038"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-09-22T00:00:00",
"db": "IVD",
"id": "7d7c4191-463f-11e9-8055-000c29342cb1"
},
{
"date": "2006-09-22T00:00:00",
"db": "IVD",
"id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2006-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-7318"
},
{
"date": "2006-09-22T00:00:00",
"db": "BID",
"id": "20154"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001322"
},
{
"date": "2006-10-03T01:14:36",
"db": "PACKETSTORM",
"id": "50407"
},
{
"date": "2006-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-476"
},
{
"date": "2006-09-27T23:07:00",
"db": "NVD",
"id": "CVE-2006-5038"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-7318"
},
{
"date": "2006-09-22T23:06:00",
"db": "BID",
"id": "20154"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001322"
},
{
"date": "2006-09-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-476"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2006-5038"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-476"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiWin SS28S WiFi VoIP SIP/Skype Phone default built-in account vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d7c4191-463f-11e9-8055-000c29342cb1"
},
{
"db": "IVD",
"id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-476"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access verification error",
"sources": [
{
"db": "IVD",
"id": "7d7c4191-463f-11e9-8055-000c29342cb1"
},
{
"db": "IVD",
"id": "fa7c5ae8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-476"
}
],
"trust": 1.0
}
}
VAR-200809-0058
Vulnerability from variot - Updated: 2025-04-10 22:57The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters. D-Link DIR-100 is a small broadband router with integrated firewall function.
There are loopholes in the implementation of DIR-100's web management interface. If users use a long URL of about 1300 characters in a web browser, they can bypass URL filtering performed by the built-in firewall of D-Link DIR-100 router. Access to restricted resources. D-Link DIR-100 is affected by a vulnerability that allows attackers to bypass security restrictions and access sites that are blocked by an administrator. D-Link DIR-100 devices with firmware 1.12 are vulnerable; other versions may be affected as well. ----------------------------------------------------------------------
We have updated our website, enjoy! http://secunia.com/
TITLE: D-Link DIR-100 Ethernet Broadband Router URL Filtering Bypass
SECUNIA ADVISORY ID: SA31767
VERIFY ADVISORY: http://secunia.com/advisories/31767/
CRITICAL: Less critical
IMPACT: Security Bypass
WHERE:
From local network
OPERATING SYSTEM: D-Link DIR-100 Ethernet Broadband Router http://secunia.com/product/19762/
DESCRIPTION: Marc Ruef has reported a vulnerability in D-Link DIR-100 Ethernet Broadband Router, which can be exploited by malicious people to bypass the URL filtering functionality.
The vulnerability is caused due to an error within the parental control when handling certain requested URLs and can be exploited to access forbidden websites via long, specially crafted requests.
SOLUTION: Do not rely on the filtering mechanism.
PROVIDED AND/OR DISCOVERED BY: Marc Ruef, scip AG
ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064303.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200809-0058",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-100",
"scope": "eq",
"trust": 1.9,
"vendor": "d link",
"version": "1.12"
},
{
"model": "dir-100",
"scope": "eq",
"trust": 1.6,
"vendor": "d link",
"version": "1.02"
},
{
"model": "dir-100",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "firmware 1.12"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2008-4325"
},
{
"db": "BID",
"id": "31050"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003444"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-264"
},
{
"db": "NVD",
"id": "CVE-2008-4133"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:d-link:dir-100",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003444"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marc Ruef",
"sources": [
{
"db": "BID",
"id": "31050"
}
],
"trust": 0.3
},
"cve": "CVE-2008-4133",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2008-4133",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-34258",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-4133",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2008-4133",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200809-264",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-34258",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-34258"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003444"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-264"
},
{
"db": "NVD",
"id": "CVE-2008-4133"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters. D-Link DIR-100 is a small broadband router with integrated firewall function. \n\n\u00a0There are loopholes in the implementation of DIR-100\u0027s web management interface. If users use a long URL of about 1300 characters in a web browser, they can bypass URL filtering performed by the built-in firewall of D-Link DIR-100 router. Access to restricted resources. D-Link DIR-100 is affected by a vulnerability that allows attackers to bypass security restrictions and access sites that are blocked by an administrator. \nD-Link DIR-100 devices with firmware 1.12 are vulnerable; other versions may be affected as well. ----------------------------------------------------------------------\n\nWe have updated our website, enjoy!\nhttp://secunia.com/\n\n----------------------------------------------------------------------\n\nTITLE:\nD-Link DIR-100 Ethernet Broadband Router URL Filtering Bypass\n\nSECUNIA ADVISORY ID:\nSA31767\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/31767/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nD-Link DIR-100 Ethernet Broadband Router\nhttp://secunia.com/product/19762/\n\nDESCRIPTION:\nMarc Ruef has reported a vulnerability in D-Link DIR-100 Ethernet\nBroadband Router, which can be exploited by malicious people to\nbypass the URL filtering functionality. \n\nThe vulnerability is caused due to an error within the parental\ncontrol when handling certain requested URLs and can be exploited to\naccess forbidden websites via long, specially crafted requests. \n\nSOLUTION:\nDo not rely on the filtering mechanism. \n\nPROVIDED AND/OR DISCOVERED BY:\nMarc Ruef, scip AG\n\nORIGINAL ADVISORY:\nhttp://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064303.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-4133"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003444"
},
{
"db": "CNVD",
"id": "CNVD-2008-4325"
},
{
"db": "BID",
"id": "31050"
},
{
"db": "VULHUB",
"id": "VHN-34258"
},
{
"db": "PACKETSTORM",
"id": "69757"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-34258",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-34258"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-4133",
"trust": 3.4
},
{
"db": "BID",
"id": "31050",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "31767",
"trust": 1.8
},
{
"db": "SREASON",
"id": "4276",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1020825",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003444",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2008-4325",
"trust": 0.6
},
{
"db": "XF",
"id": "100",
"trust": 0.6
},
{
"db": "XF",
"id": "44961",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20080908 [SCIP_ADVISORY 3808] D-LINK DIR-100 LONG URL FILTER EVASION",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080908 [SCIP_ADVISORY 3808] D-LINK DIR-100 LONG URL FILTER EVASION",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200809-264",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "32336",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-85630",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-34258",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "69757",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2008-4325"
},
{
"db": "VULHUB",
"id": "VHN-34258"
},
{
"db": "BID",
"id": "31050"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003444"
},
{
"db": "PACKETSTORM",
"id": "69757"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-264"
},
{
"db": "NVD",
"id": "CVE-2008-4133"
}
]
},
"id": "VAR-200809-0058",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2008-4325"
},
{
"db": "VULHUB",
"id": "VHN-34258"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2008-4325"
}
]
},
"last_update_date": "2025-04-10T22:57:32.272000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.dlink.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003444"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-34258"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003444"
},
{
"db": "NVD",
"id": "CVE-2008-4133"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/31050"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0133.html"
},
{
"trust": 1.7,
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1020825"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/31767"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/4276"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/496072/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44961"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4133"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-4133"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/44961"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/496072/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.dlink.co.uk/?go=jn7uaylx/oijawvudlyzu93ygjvykujxstvhlpg3yv3ov41/haltbnlwaarp7touamu5j3cf/yenbs7l1kfnl0sstuzf"
},
{
"trust": 0.3,
"url": "/archive/1/496072"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/31767/"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-september/064303.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19762/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-34258"
},
{
"db": "BID",
"id": "31050"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003444"
},
{
"db": "PACKETSTORM",
"id": "69757"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-264"
},
{
"db": "NVD",
"id": "CVE-2008-4133"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2008-4325"
},
{
"db": "VULHUB",
"id": "VHN-34258"
},
{
"db": "BID",
"id": "31050"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003444"
},
{
"db": "PACKETSTORM",
"id": "69757"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-264"
},
{
"db": "NVD",
"id": "CVE-2008-4133"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2008-4325"
},
{
"date": "2008-09-19T00:00:00",
"db": "VULHUB",
"id": "VHN-34258"
},
{
"date": "2008-09-08T00:00:00",
"db": "BID",
"id": "31050"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-003444"
},
{
"date": "2008-09-09T20:50:53",
"db": "PACKETSTORM",
"id": "69757"
},
{
"date": "2008-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200809-264"
},
{
"date": "2008-09-19T17:15:05.593000",
"db": "NVD",
"id": "CVE-2008-4133"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2008-4325"
},
{
"date": "2018-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-34258"
},
{
"date": "2015-04-16T17:54:00",
"db": "BID",
"id": "31050"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-003444"
},
{
"date": "2009-01-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200809-264"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2008-4133"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200809-264"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-100 upper Web In proxy service Web Vulnerability bypassing restriction filters",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003444"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200809-264"
}
],
"trust": 0.6
}
}
VAR-200805-0133
Vulnerability from variot - Updated: 2025-04-10 22:57The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before 2.0 Patch 01, as used in WonderWare InTouch 8.0, allows remote attackers to cause a denial of service (NULL pointer dereference and service shutdown) and possibly execute arbitrary code via a large length value in a Registration packet to TCP port 5413, which causes a memory allocation failure. Wonderware SuiteLink Crafted by TCP Denial of service when processing packets (DoS) There are vulnerabilities that may be affected. Wonderware SuiteLink Is the protocol used in the control system. Implemented this protocol Wonderware SuiteLink Service(slssvc.exe) Is Windows As a service on 5413/tcp Use to communicate. Wonderware SuiteLink Service(slssvc.exe) In TCP There is a problem with the processing of the packet, and receiving a specially crafted packet can cause a service outage.Denial of service by remote third party (DoS) There is a possibility of being attacked. WonderWare is a supplier of industrial automation and information software solutions. WonderWare has a vulnerability in processing malformed request data, which could be exploited by remote attackers to render services unavailable. WonderWare's SuiteLink service listens for connections on port 5413 / TCP. Non-authenticated client programs connected to the service can send malformed messages, and by calling the new () operator, the memory allocation operation fails and returns a null pointer. Due to the lack of error checking on the results of memory allocation operations, the program may later use null pointers as targets for memory copy operations, which may trigger memory access exceptions and terminate services. An attacker can trigger a memory allocation operation failure by specifying an oversized field in the Registration message. The following binary program segment describes the cause of the vulnerability: .text: 00405C1B mov esi, [ebp + dwLen]; Our value from packet
...
.text: 00405C20 push edi
.text: 00405C21 test esi, esi; Check value! = 0
...
.text: 00405C31 push esi; Alloc with our length
.text: 00405C32 mov [ebp + var_4], 0
.text: 00405C39 call operator new (uint); Big values return NULL
.text: 00405C3E mov ecx, esi; Memcpy with our length
.text: 00405C40 mov esi, [ebp + pDestionationAddr]
.text: 00405C43 mov [ebx + 4], eax; new result is used as dest
.text: 00405C46 mov edi, eax; address without checks.
.text: 00405C48 mov eax, ecx
.text: 00405C4A add esp, 4
.text: 00405C4D shr ecx, 2
.text: 00405C50 rep movsd; AV due to invalid
.text: 00405C52 mov ecx, eax; destination pointer.
.text: 00405C54 and ecx, 3
------------ /. Wonderware SuiteLink is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Given the nature of this issue, the attacker may also be able to execute arbitrary code, but this has not been confirmed. Versions prior to Wonderware SuiteLink 2.0 Patch 01 are vulnerable. UPDATE: References to Wonderware InTouch 8.0 have been removed; that software is not affected by this vulnerability. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
PROVIDED AND/OR DISCOVERED BY: Sebastian Muniz, Core Security Technologies
ORIGINAL ADVISORY: Wonderware (requires login): http://www.wonderware.com/support/mmi/comprehensive/kbcd/html/t002260.htm
CORE-2008-0129: http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=2187
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Wonderware SuiteLink Denial of Service vulnerability
Advisory Information
Title: Wonderware SuiteLink Denial of Service vulnerability Advisory ID: CORE-2008-0129 Advisory URL: http://www.coresecurity.com/?action=item&id=2187 Date published: 2008-05-05 Date of last update: 2008-05-05 Vendors contacted: Wonderware Release mode: Coordinated release
Vulnerability Information
Class: Denial of service
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 28974
CVE Name: CVE-2008-2005
Vulnerability Description
WonderWare is supplier of industrial automation and information software solutions. According to the company's website [1]: "one third of the world's plants run Wonderware software solutions. Having sold more than 500,000 software licenses in over 100,000 plants worldwide, Wonderware has customers in virtually every global industry - including Oil & Gas, Food & Beverage, Utilities, Pharmaceuticals, Electronics, Metals, Automotive and more".
WonderWare offers software solutions in the areas of Production and Performance Management, and Geographical SCADA and Supervisory HMI (Human-Machine Interface). Several of these solutions running on Microsoft Windows Operating Systems use a common software component, the SuiteLink Service, to implement communications between components using a proprietary protocol over TCP/IP networks. Exploitation of the vulnerability for remote code execution has not been proven, but it has not been eliminated as a potential scenario.
Vulnerable Packages
.
Non-vulnerable Packages
. Contact WonderWare for details.
Vendor Information, Solutions and Workarounds
The vendor has made a technical document available to registered customers detailing how to address this issue [2]. Additionally, an extensive guide detailing how to deploy and secure Industrial Control Systems is available at the vendor's support site [3].
Vendor Statement:
Wonderware, a business unit of Invensys, is committed to collaborate with our customers and industry standards committees to provide secure applications, security best practices, deployment guidelines, tools and prescriptive guidance for maintaining a secure environment. A potential denial of service issue on an insecure network which could have been instigated by a hostile internal user has been addressed in SuiteLink 2.0 Patch 01. More details can be found in Wonderware's Tech Alert 106 posted on our website along with the Patch. (Please note that access to the Tech Alert and the Patch will require that you register on our web site.) Wonderware users interested in upgrading should contact Wonderware or their local distributor.
Credits
This vulnerability was discovered and researched by Sebastian Muniz from the Exploit Writers Team (EWT) at Core Security Technologies.
Technical Description / Proof of Concept Code
WonderWare SuiteLink is a service that runs on Microsoft Windows Operating Systems listening for connections on port 5413/tcp. .text:00405C54 and ecx, 3
- -----------/
Report Timeline
. 2008-01-30: Initial contact email sent by to Wonderware setting the estimated publication date of the advisory to February 25th. 2008-01-30: Contact email re-sent to Wonderware asking for a software security contact for Wonderware InTouch. 2008-02-06: New email sent to Wonderware asking for a response and for a software security contact for Wonderware InTouch. 2008-02-28: Core makes direct phone calls to Wonderware headquarters informing of the previous emails and requesting acknowledgement of the notification of a security vulnerability. 2008-02-28: As requested during the phone call, Core re-sends the original notification mail, stating that an advisory draft describing the vulnerability is available since January 30th. The publication of the advisory is re-scheduled to March 24th. 2008-02-28: Vendor acknowledges the email notification. 2008-02-28: Core sends the advisory draft to Wonderware support team. 2008-02-29: Vendor acknowledges reception of the report and states that it understands the seriousness of the problem and that its development team will look into it. 2008-02-29: Vendor asks for a copy of the proof of concept code used to demonstrate the vulnerability. 2008-03-03: Core sends proof-of-concept code written in Python. 2008-03-05: Vendor asks for compiler tools required to use the PoC code. 2008-03-05: Core sends a link to http://www.python.org where a Python interpreter can be downloaded. 2008-03-10: Vendor requests more information about the network and the firewall settings used during the tests and inquires about conformance (or lack thereof) of the tested network with the vendor's security policies and recommendations. 2008-03-10: Vendor asks for details about how the advisory will be published. 2008-03-12: Core responds that the workstation running the vulnerable service had no firewall activated in the tests, but since the Wonderware SuiteLink Service allows incoming connections it is assumed that the corresponding port should be allowed to receive inbound session establishment packets. Core offers the vendor the opportunity to include additional information in the "vendor information" section of the advisory. Core explains that the advisory will be published on Core's website and sent to security mailing lists. Core also reminds the vendor that the publication date of the advisory has been moved from February 25th to March 24th, and explains that it is willing to discuss a new publication date on the basis of having concrete plans, with a specific date for the fix release. 2008-03-21: Vendor indicates that it will be unable to commit to releasing fixes by March 24th and requests publication of the advisory to be delayed to create a fix for vulnerable customers. The development team is investigating how long it will take to make such a fix available. The vendor indicates that the previous questions about firewall setup referred to the vendor's recommended practices to secure networks on which their systems run using firewalls and IPsec. 2008-03-21: Vendor indicates that it is issuing a Tech Alert to its customers to address the issue. Details about the vulnerability have been minimized in the Tech Alert. The vendor expresses concern about the level of detail included in Core's advisory and requests that those details be removed from the advisory because they give more detail than what is needed to make people aware of the issue, and may lend itself to use by people who might want to exploit it. Early estimates put the delivery time for a fix at approximately three months, and the estimate is not final. Vendor asks Core to delay any publication until it is able to have a software fix ready. 2008-03-21: Core asks if the three-month estimate should be assumed to have begun since the vendor's initial acknowledgement of Core's notification -- which puts the estimated date for the release of a fix at the end of May -- or since the date of the last email received (fix released at the end of June). Core indicates that as of today it still has no confirmation from the vendor that the vulnerability was replicated and identified, and that the fix is already under development or testing, and that is the information needed to re-schedule the publication date. Core is expecting to receive that information from the vendor, but in the meantime publication of the advisory is re-scheduled to March 31st 2008. With regards to the questions and requests about the contents of the security advisory, Core indicates that Core's technical publications are aimed at providing legitimate security practitioners worldwide with the technical details necessary to understand the nature of the security issues reported; so they are able to devise, by their own judgment, the risk mitigation approach that fits them the best. For that purpose, Core believes that it is fundamental that they have precise and accurate technical details about security issues -- as Wonderware itself has demonstrated with the request for further technical details and proof-of-concept code -- and that the whole reporting and disclosure process is transparent for scrutiny of all interested parties. 2008-03-21: Vendor acknowledges Core's email and provides a copy of the issued Technical Alert 106 and indicates that will provide more information by March 25th 2008. 2008-03-26: Vendor confirms to have replicated the issue reported and indicated that the Tech Alert 106 sent to customers confirms and recognizes the issue. The Tech Alert also points out what measures can be taken to mitigate risk. A project has been charter and is in progress to fix this issue and properly QA the fix. With regard to the contents of Core's report, it says that stating that a Denial of Service of SuiteLink communication can be created from a remote node sends a corrupted data packet seems to be sufficient to make people aware. The vendor says that is having trouble understanding what the value is in providing specific detail as to what technical issue is happening and asks for clarification to understand how this information would benefit organizations. The vendor acknowledges that the proof of concept code did help to replicate the issue and that without it, it would have needed more time to identify it from the report alone. The concern is that the details provided in the report may give a hacker a specific direction to look for the vulnerability. Finally, the vendor indicates that will have a better estimation for the rlease date of a fix by Friday March 28th, 2008. 2008-03-27: Core acknowledges the vendor's email and indicates that is looking forward to having the new estimate by Friday. 2008-03-28: Vendor informs that it has brought the estimated release date in to May 2nd. If things go well during QA, they may be able to bring that date in sooner and vendor requests that Core postpone publication until that time. 2008-03-28: Core re-schedules publication of the advisory to May 2nd 2008 and says that it considers this date final unless the vendor indicates any deviation from the current estimate with at least a week in advance of the publication date, in which case Core would re-evaluate postponing publication up to 5 working days. With regard to the previous inquiry about the advisory's content, Core states that the purpose of publishing security advisories and the rationale used to define their content is simple and hopefully, once explained, both reasonable and understandable. Core publishes advisories not only to make users aware of the existence of a given vulnerability but also to facilitate its mitigation by either official or any other means that the security community and/or the vulnerable user population may devise. In order to do so, Core has learned over the course of 13 years working in this particular field that it is fundamental to provide precise and accurate technical information about problems. It is that information that can help other security practitioners to determine how to prevent exploitation, detect attacks or to verify that a fix or workaround is actually functioning properly. Thus, Core believes that it is necessary not only to indicate the mere existence of the bug, but also to explain how to uniquely identify it in the vulnerable software (to avoid confusion with all other known bugs or to differentiate it from others that may be discovered in the future). It is also important to determine how the vulnerability could be used by potential attackers so that proper detection mechanisms can be built, for example firewall rules, or IDS and antivirus signatures. While Core recognizes that this may provide some additional data to would-be attackers, clearly it also provides preciously needed information to the defenders thus, leveling a field on which Core believes the attackers are initially at advantage. 2008-04-01: Vendor acknowledges previous email and indicates that it will provide a new update as soon as is available. 2008-04-28: Vendor informs Core that a fix for the vulnerability in SuiteLink has been released. 2008-04-28: Core acknowledges previous emails and requests an official vendor statement for the security advisory and more details about the vulnerable packages and versions. Multiple products use SuiteLink. 2008-04-30: The advisory is ready for release, but the publication date is re-scheduled to May 5th because May 1st is a public holiday in many countries (International Workers' Day) and Core does not usually publish advisories on Fridays (to avoid IT work on weekends). 2008-05-05: CORE-2008-0129 advisory is published.
References
[1] WonderWare website http://us.wonderware.com/ [2] Tech Alert 106 http://www.wonderware.com/support/mmi/comprehensive/kbcd/html/t002260.htm [3] WonderWare Security Manual - Securing Industrial Control Systems
http://www.wonderware.com/support/mmi/esupport/securitycentral/documents/BestPractices/WWSecGd041707_External.pdf
About CoreLabs
CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://www.coresecurity.com/corelabs/.
About Core Security Technologies
Core Security Technologies develops strategic solutions that help security-conscious organizations worldwide develop and maintain a proactive process for securing their networks. The company's flagship product, CORE IMPACT, is the most comprehensive product for performing enterprise security assurance testing. CORE IMPACT evaluates network, endpoint and end-user vulnerabilities and identifies what resources are exposed. It enables organizations to determine if current security investments are detecting and preventing attacks. Core Security Technologies augments its leading technology solution with world-class security consulting services, including penetration testing and software security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at http://www.coresecurity.com.
Disclaimer
The contents of this advisory are copyright (c) 2008 Core Security Technologies and (c) 2008 CoreLabs, and may be distributed freely provided that no fee is charged for this distribution and proper credit is given.
GPG/PGP Keys
This advisory has been signed with the GPG key of Core Security Technologies advisories team, which is available for download at http://www.coresecurity.com/files/attachments/core_security_advisories.asc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFIH2eAyNibggitWa0RAtlcAKCgV83vS0v4aLVTRtFmkBsEg0UPXgCdHL4p si+I8mGJwJuglh+QESsZ9ZE= =705O -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200805-0133",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "suitelink",
"scope": "eq",
"trust": 1.9,
"vendor": "wonderware",
"version": "2.0"
},
{
"model": "intouch",
"scope": "eq",
"trust": 1.6,
"vendor": "wonderware",
"version": "8.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "invensys",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wonderware",
"version": null
},
{
"model": "suitelink",
"scope": "lt",
"trust": 0.8,
"vendor": "wonderware",
"version": "version 2.0 patch 01 earlier"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "intouch",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "suitelink",
"version": "2.0"
},
{
"model": "suitelink patch",
"scope": "ne",
"trust": 0.3,
"vendor": "wonderware",
"version": "2.001"
}
],
"sources": [
{
"db": "IVD",
"id": "dd3e5ad8-23cd-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7822e1-463f-11e9-8a01-000c29342cb1"
},
{
"db": "CERT/CC",
"id": "VU#596268"
},
{
"db": "CNVD",
"id": "CNVD-2008-2191"
},
{
"db": "BID",
"id": "28974"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001354"
},
{
"db": "CNNVD",
"id": "CNNVD-200805-037"
},
{
"db": "NVD",
"id": "CVE-2008-2005"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:wonderware:suitelink",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001354"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sebastian Muniz",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200805-037"
}
],
"trust": 0.6
},
"cve": "CVE-2008-2005",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2008-2005",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "dd3e5ad8-23cd-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "7d7822e1-463f-11e9-8a01-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-2005",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#596268",
"trust": 0.8,
"value": "3.07"
},
{
"author": "NVD",
"id": "CVE-2008-2005",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200805-037",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "dd3e5ad8-23cd-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d7822e1-463f-11e9-8a01-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "dd3e5ad8-23cd-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7822e1-463f-11e9-8a01-000c29342cb1"
},
{
"db": "CERT/CC",
"id": "VU#596268"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001354"
},
{
"db": "CNNVD",
"id": "CNNVD-200805-037"
},
{
"db": "NVD",
"id": "CVE-2008-2005"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before 2.0 Patch 01, as used in WonderWare InTouch 8.0, allows remote attackers to cause a denial of service (NULL pointer dereference and service shutdown) and possibly execute arbitrary code via a large length value in a Registration packet to TCP port 5413, which causes a memory allocation failure. Wonderware SuiteLink Crafted by TCP Denial of service when processing packets (DoS) There are vulnerabilities that may be affected. Wonderware SuiteLink Is the protocol used in the control system. Implemented this protocol Wonderware SuiteLink Service(slssvc.exe) Is Windows As a service on 5413/tcp Use to communicate. Wonderware SuiteLink Service(slssvc.exe) In TCP There is a problem with the processing of the packet, and receiving a specially crafted packet can cause a service outage.Denial of service by remote third party (DoS) There is a possibility of being attacked. WonderWare is a supplier of industrial automation and information software solutions. WonderWare has a vulnerability in processing malformed request data, which could be exploited by remote attackers to render services unavailable. WonderWare\u0027s SuiteLink service listens for connections on port 5413 / TCP. Non-authenticated client programs connected to the service can send malformed messages, and by calling the new () operator, the memory allocation operation fails and returns a null pointer. Due to the lack of error checking on the results of memory allocation operations, the program may later use null pointers as targets for memory copy operations, which may trigger memory access exceptions and terminate services. An attacker can trigger a memory allocation operation failure by specifying an oversized field in the Registration message. The following binary program segment describes the cause of the vulnerability: .text: 00405C1B mov esi, [ebp + dwLen]; Our value from packet\n\n\u00a0... \n\n\u00a0.text: 00405C20 push edi\n\n\u00a0.text: 00405C21 test esi, esi; Check value! = 0\n\n\u00a0... \n\n\u00a0.text: 00405C31 push esi; Alloc with our length\n\n\u00a0.text: 00405C32 mov [ebp + var_4], 0\n\n\u00a0.text: 00405C39 call operator new (uint); Big values return NULL\n\n\u00a0.text: 00405C3E mov ecx, esi; Memcpy with our length\n\n\u00a0.text: 00405C40 mov esi, [ebp + pDestionationAddr]\n\n\u00a0.text: 00405C43 mov [ebx + 4], eax; new result is used as dest\n\n\u00a0.text: 00405C46 mov edi, eax; address without checks. \n\n\u00a0.text: 00405C48 mov eax, ecx\n\n\u00a0.text: 00405C4A add esp, 4\n\n\u00a0.text: 00405C4D shr ecx, 2\n\n\u00a0.text: 00405C50 rep movsd; AV due to invalid\n\n\u00a0.text: 00405C52 mov ecx, eax; destination pointer. \n\n\u00a0.text: 00405C54 and ecx, 3\n\n\u00a0------------ /. Wonderware SuiteLink is prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to crash the affected application, denying service to legitimate users. Given the nature of this issue, the attacker may also be able to execute arbitrary code, but this has not been confirmed. \nVersions prior to Wonderware SuiteLink 2.0 Patch 01 are vulnerable. \nUPDATE: References to Wonderware InTouch 8.0 have been removed; that software is not affected by this vulnerability. ----------------------------------------------------------------------\n\nSecunia Network Software Inspector 2.0 (NSI) - Public Beta\n\nThe Public Beta has ended. Thanks to all that participated. \n\nPROVIDED AND/OR DISCOVERED BY:\nSebastian Muniz, Core Security Technologies\n\nORIGINAL ADVISORY:\nWonderware (requires login):\nhttp://www.wonderware.com/support/mmi/comprehensive/kbcd/html/t002260.htm\n\nCORE-2008-0129:\nhttp://www.coresecurity.com/index.php5?module=ContentMod\u0026action=item\u0026id=2187\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n Core Security Technologies - CoreLabs Advisory\n http://www.coresecurity.com/corelabs/\n\n Wonderware SuiteLink Denial of Service vulnerability\n\n\n*Advisory Information*\n\nTitle: Wonderware SuiteLink Denial of Service vulnerability\nAdvisory ID: CORE-2008-0129\nAdvisory URL: http://www.coresecurity.com/?action=item\u0026id=2187\nDate published: 2008-05-05\nDate of last update: 2008-05-05\nVendors contacted: Wonderware\nRelease mode: Coordinated release\n\n\n*Vulnerability Information*\n\nClass: Denial of service\nRemotely Exploitable: Yes\nLocally Exploitable: No\nBugtraq ID: 28974\t\nCVE Name: CVE-2008-2005\t\n\n\n*Vulnerability Description*\n\nWonderWare is supplier of industrial automation and information software\nsolutions. According to the company\u0027s website [1]: \"one third of the\nworld\u0027s plants run Wonderware software solutions. Having sold more than\n500,000 software licenses in over 100,000 plants worldwide, Wonderware\nhas customers in virtually every global industry - including Oil \u0026 Gas,\nFood \u0026 Beverage, Utilities, Pharmaceuticals, Electronics, Metals,\nAutomotive and more\". \n\nWonderWare offers software solutions in the areas of Production and\nPerformance Management, and Geographical SCADA and Supervisory HMI\n(Human-Machine Interface). Several of these solutions running on\nMicrosoft Windows Operating Systems use a common software component, the\nSuiteLink Service, to implement communications between components using\na proprietary protocol over TCP/IP networks. Exploitation of the\nvulnerability for remote code execution has not been proven, but it has\nnot been eliminated as a potential scenario. \n\n\n*Vulnerable Packages*\n\n. \n\n\n*Non-vulnerable Packages*\n\n. Contact WonderWare for details. \n\n\n*Vendor Information, Solutions and Workarounds*\n\nThe vendor has made a technical document available to registered\ncustomers detailing how to address this issue [2]. Additionally, an\nextensive guide detailing how to deploy and secure Industrial Control\nSystems is available at the vendor\u0027s support site [3]. \n\nVendor Statement:\n\n Wonderware, a business unit of Invensys, is committed to collaborate\nwith our customers and industry standards committees to provide secure\napplications, security best practices, deployment guidelines, tools and\nprescriptive guidance for maintaining a secure environment. A potential\ndenial of service issue on an insecure network which could have been\ninstigated by a hostile internal user has been addressed in SuiteLink\n2.0 Patch 01. More details can be found in Wonderware\u0027s Tech Alert 106\nposted on our website along with the Patch. (Please note that access to\nthe Tech Alert and the Patch will require that you register on our web\nsite.) Wonderware users interested in upgrading should contact\nWonderware or their local distributor. \n\n\n*Credits*\n\nThis vulnerability was discovered and researched by Sebastian Muniz from\nthe Exploit Writers Team (EWT) at Core Security Technologies. \n\n\n*Technical Description / Proof of Concept Code*\n\nWonderWare SuiteLink is a service that runs on Microsoft Windows\nOperating Systems listening for connections on port 5413/tcp. \n.text:00405C54 and ecx, 3\n\n- -----------/\n\n\n*Report Timeline*\n\n. 2008-01-30: Initial contact email sent by to Wonderware setting the\nestimated publication date of the advisory to February 25th. 2008-01-30: Contact email re-sent to Wonderware asking for a software\nsecurity contact for Wonderware InTouch. 2008-02-06: New email sent to Wonderware asking for a response and for\na software security contact for Wonderware InTouch. 2008-02-28: Core makes direct phone calls to Wonderware headquarters\ninforming of the previous emails and requesting acknowledgement of the\nnotification of a security vulnerability. 2008-02-28: As requested during the phone call, Core re-sends the\noriginal notification mail, stating that an advisory draft describing\nthe vulnerability is available since January 30th. The publication of\nthe advisory is re-scheduled to March 24th. 2008-02-28: Vendor acknowledges the email notification. 2008-02-28: Core sends the advisory draft to Wonderware support team. 2008-02-29: Vendor acknowledges reception of the report and states\nthat it understands the seriousness of the problem and that its\ndevelopment team will look into it. 2008-02-29: Vendor asks for a copy of the proof of concept code used\nto demonstrate the vulnerability. 2008-03-03: Core sends proof-of-concept code written in Python. 2008-03-05: Vendor asks for compiler tools required to use the PoC code. 2008-03-05: Core sends a link to http://www.python.org where a Python\ninterpreter can be downloaded. 2008-03-10: Vendor requests more information about the network and the\nfirewall settings used during the tests and inquires about conformance\n(or lack thereof) of the tested network with the vendor\u0027s security\npolicies and recommendations. 2008-03-10: Vendor asks for details about how the advisory will be\npublished. 2008-03-12: Core responds that the workstation running the vulnerable\nservice had no firewall activated in the tests, but since the Wonderware\nSuiteLink Service allows incoming connections it is assumed that the\ncorresponding port should be allowed to receive inbound session\nestablishment packets. Core offers the vendor the opportunity to include\nadditional information in the \"vendor information\" section of the\nadvisory. Core explains that the advisory will be published on Core\u0027s\nwebsite and sent to security mailing lists. Core also reminds the vendor\nthat the publication date of the advisory has been moved from February\n25th to March 24th, and explains that it is willing to discuss a new\npublication date on the basis of having concrete plans, with a specific\ndate for the fix release. 2008-03-21: Vendor indicates that it will be unable to commit to\nreleasing fixes by March 24th and requests publication of the advisory\nto be delayed to create a fix for vulnerable customers. The development\nteam is investigating how long it will take to make such a fix\navailable. The vendor indicates that the previous questions about\nfirewall setup referred to the vendor\u0027s recommended practices to secure\nnetworks on which their systems run using firewalls and IPsec. 2008-03-21: Vendor indicates that it is issuing a Tech Alert to its\ncustomers to address the issue. Details about the vulnerability have\nbeen minimized in the Tech Alert. The vendor expresses concern about the\nlevel of detail included in Core\u0027s advisory and requests that those\ndetails be removed from the advisory because they give more detail than\nwhat is needed to make people aware of the issue, and may lend itself to\nuse by people who might want to exploit it. Early estimates put the\ndelivery time for a fix at approximately three months, and the estimate\nis not final. Vendor asks Core to delay any publication until it is able\nto have a software fix ready. 2008-03-21: Core asks if the three-month estimate should be assumed to\nhave begun since the vendor\u0027s initial acknowledgement of Core\u0027s\nnotification -- which puts the estimated date for the release of a fix\nat the end of May -- or since the date of the last email received (fix\nreleased at the end of June). Core indicates that as of today it still\nhas no confirmation from the vendor that the vulnerability was\nreplicated and identified, and that the fix is already under development\nor testing, and that is the information needed to re-schedule the\npublication date. Core is expecting to receive that information from the\nvendor, but in the meantime publication of the advisory is re-scheduled\nto March 31st 2008. With regards to the questions and requests about the\ncontents of the security advisory, Core indicates that Core\u0027s technical\npublications are aimed at providing legitimate security practitioners\nworldwide with the technical details necessary to understand the nature\nof the security issues reported; so they are able to devise, by their\nown judgment, the risk mitigation approach that fits them the best. For\nthat purpose, Core believes that it is fundamental that they have\nprecise and accurate technical details about security issues -- as\nWonderware itself has demonstrated with the request for further\ntechnical details and proof-of-concept code -- and that the whole\nreporting and disclosure process is transparent for scrutiny of all\ninterested parties. 2008-03-21: Vendor acknowledges Core\u0027s email and provides a copy of\nthe issued Technical Alert 106 and indicates that will provide more\ninformation by March 25th 2008. 2008-03-26: Vendor confirms to have replicated the issue reported and\nindicated that the Tech Alert 106 sent to customers confirms and\nrecognizes the issue. The Tech Alert also points out what measures can\nbe taken to mitigate risk. A project has been charter and is in progress\nto fix this issue and properly QA the fix. With regard to the contents\nof Core\u0027s report, it says that stating that a Denial of Service of\nSuiteLink communication can be created from a remote node sends a\ncorrupted data packet seems to be sufficient to make people aware. The\nvendor says that is having trouble understanding what the value is in\nproviding specific detail as to what technical issue is happening and\nasks for clarification to understand how this information would benefit\norganizations. The vendor acknowledges that the proof of concept code\ndid help to replicate the issue and that without it, it would have\nneeded more time to identify it from the report alone. The concern is\nthat the details provided in the report may give a hacker a specific\ndirection to look for the vulnerability. Finally, the vendor indicates\nthat will have a better estimation for the rlease date of a fix by\nFriday March 28th, 2008. 2008-03-27: Core acknowledges the vendor\u0027s email and indicates that is\nlooking forward to having the new estimate by Friday. 2008-03-28: Vendor informs that it has brought the estimated release\ndate in to May 2nd. If things go well during QA, they may be able to\nbring that date in sooner and vendor requests that Core postpone\npublication until that time. 2008-03-28: Core re-schedules publication of the advisory to May 2nd\n2008 and says that it considers this date final unless the vendor\nindicates any deviation from the current estimate with at least a week\nin advance of the publication date, in which case Core would re-evaluate\npostponing publication up to 5 working days. With regard to the previous\ninquiry about the advisory\u0027s content, Core states that the purpose of\npublishing security advisories and the rationale used to define their\ncontent is simple and hopefully, once explained, both reasonable and\nunderstandable. Core publishes advisories not only to make users aware\nof the existence of a given vulnerability but also to facilitate its\nmitigation by either official or any other means that the security\ncommunity and/or the vulnerable user population may devise. In order to\ndo so, Core has learned over the course of 13 years working in this\nparticular field that it is fundamental to provide precise and accurate\ntechnical information about problems. It is that information that can\nhelp other security practitioners to determine how to prevent\nexploitation, detect attacks or to verify that a fix or workaround is\nactually functioning properly. Thus, Core believes that it is necessary\nnot only to indicate the mere existence of the bug, but also to explain\nhow to uniquely identify it in the vulnerable software (to avoid\nconfusion with all other known bugs or to differentiate it from others\nthat may be discovered in the future). It is also important to determine\nhow the vulnerability could be used by potential attackers so that\nproper detection mechanisms can be built, for example firewall rules, or\nIDS and antivirus signatures. While Core recognizes that this may\nprovide some additional data to would-be attackers, clearly it also\nprovides preciously needed information to the defenders thus, leveling a\nfield on which Core believes the attackers are initially at advantage. 2008-04-01: Vendor acknowledges previous email and indicates that it\nwill provide a new update as soon as is available. 2008-04-28: Vendor informs Core that a fix for the vulnerability in\nSuiteLink has been released. 2008-04-28: Core acknowledges previous emails and requests an official\nvendor statement for the security advisory and more details about the\nvulnerable packages and versions. Multiple\nproducts use SuiteLink. 2008-04-30: The advisory is ready for release, but the publication\ndate is re-scheduled to May 5th because May 1st is a public holiday in\nmany countries (International Workers\u0027 Day) and Core does not usually\npublish advisories on Fridays (to avoid IT work on weekends). 2008-05-05: CORE-2008-0129 advisory is published. \n\n\n*References*\n\n[1] WonderWare website http://us.wonderware.com/\n[2] Tech Alert 106\nhttp://www.wonderware.com/support/mmi/comprehensive/kbcd/html/t002260.htm\n[3] WonderWare Security Manual - Securing Industrial Control Systems\n\nhttp://www.wonderware.com/support/mmi/esupport/securitycentral/documents/BestPractices/WWSecGd041707_External.pdf\n\n\n*About CoreLabs*\n\nCoreLabs, the research center of Core Security Technologies, is charged\nwith anticipating the future needs and requirements for information\nsecurity technologies. We conduct our research in several important\nareas of computer security including system vulnerabilities, cyber\nattack planning and simulation, source code auditing, and cryptography. \nOur results include problem formalization, identification of\nvulnerabilities, novel solutions and prototypes for new technologies. \nCoreLabs regularly publishes security advisories, technical papers,\nproject information and shared software tools for public use at:\nhttp://www.coresecurity.com/corelabs/. \n\n\n*About Core Security Technologies*\n\nCore Security Technologies develops strategic solutions that help\nsecurity-conscious organizations worldwide develop and maintain a\nproactive process for securing their networks. The company\u0027s flagship\nproduct, CORE IMPACT, is the most comprehensive product for performing\nenterprise security assurance testing. CORE IMPACT evaluates network,\nendpoint and end-user vulnerabilities and identifies what resources are\nexposed. It enables organizations to determine if current security\ninvestments are detecting and preventing attacks. Core Security\nTechnologies augments its leading technology solution with world-class\nsecurity consulting services, including penetration testing and software\nsecurity auditing. Based in Boston, MA and Buenos Aires, Argentina, Core\nSecurity Technologies can be reached at 617-399-6980 or on the Web at\nhttp://www.coresecurity.com. \n\n\n*Disclaimer*\n\nThe contents of this advisory are copyright (c) 2008 Core Security\nTechnologies and (c) 2008 CoreLabs, and may be distributed freely\nprovided that no fee is charged for this distribution and proper credit\nis given. \n\n\n*GPG/PGP Keys*\n\nThis advisory has been signed with the GPG key of Core Security\nTechnologies advisories team, which is available for download at\nhttp://www.coresecurity.com/files/attachments/core_security_advisories.asc. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (MingW32)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\n\niD8DBQFIH2eAyNibggitWa0RAtlcAKCgV83vS0v4aLVTRtFmkBsEg0UPXgCdHL4p\nsi+I8mGJwJuglh+QESsZ9ZE=\n=705O\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-2005"
},
{
"db": "CERT/CC",
"id": "VU#596268"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001354"
},
{
"db": "CNVD",
"id": "CNVD-2008-2191"
},
{
"db": "BID",
"id": "28974"
},
{
"db": "IVD",
"id": "dd3e5ad8-23cd-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7822e1-463f-11e9-8a01-000c29342cb1"
},
{
"db": "PACKETSTORM",
"id": "66050"
},
{
"db": "PACKETSTORM",
"id": "66028"
}
],
"trust": 3.69
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-2005",
"trust": 3.8
},
{
"db": "BID",
"id": "28974",
"trust": 3.5
},
{
"db": "CERT/CC",
"id": "VU#596268",
"trust": 3.5
},
{
"db": "SECUNIA",
"id": "30063",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "6474",
"trust": 2.4
},
{
"db": "SECTRACK",
"id": "1019966",
"trust": 2.4
},
{
"db": "CNVD",
"id": "CNVD-2008-2191",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-200805-037",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001354",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20080505 CORE-2008-0129 - WONDERWARE SUITELINK DENIAL OF SERVICE VULNERABILITY",
"trust": 0.6
},
{
"db": "MILW0RM",
"id": "6474",
"trust": 0.6
},
{
"db": "XF",
"id": "42221",
"trust": 0.6
},
{
"db": "IVD",
"id": "DD3E5AD8-23CD-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D7822E1-463F-11E9-8A01-000C29342CB1",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "66050",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "66028",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "dd3e5ad8-23cd-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7822e1-463f-11e9-8a01-000c29342cb1"
},
{
"db": "CERT/CC",
"id": "VU#596268"
},
{
"db": "CNVD",
"id": "CNVD-2008-2191"
},
{
"db": "BID",
"id": "28974"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001354"
},
{
"db": "PACKETSTORM",
"id": "66050"
},
{
"db": "PACKETSTORM",
"id": "66028"
},
{
"db": "CNNVD",
"id": "CNNVD-200805-037"
},
{
"db": "NVD",
"id": "CVE-2008-2005"
}
]
},
"id": "VAR-200805-0133",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "dd3e5ad8-23cd-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7822e1-463f-11e9-8a01-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2008-2191"
}
],
"trust": 1.6043447333333334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "dd3e5ad8-23cd-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7822e1-463f-11e9-8a01-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2008-2191"
}
]
},
"last_update_date": "2025-04-10T22:57:09.142000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Wonderware Tech Alert 106",
"trust": 0.8,
"url": "http://www.wonderware.com/support/mmi/comprehensive/kbcd/html/t002260.htm"
},
{
"title": "Wonderware Security Manual - Securing Industrial Control Systems",
"trust": 0.8,
"url": "http://www.wonderware.com/support/mmi/esupport/securitycentral/documents/BestPractices/WWSecGd041707_External.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001354"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001354"
},
{
"db": "NVD",
"id": "CVE-2008-2005"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://www.securityfocus.com/bid/28974"
},
{
"trust": 2.7,
"url": "http://www.kb.cert.org/vuls/id/596268"
},
{
"trust": 2.5,
"url": "http://www.coresecurity.com/?action=item\u0026id=2187"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1019966"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/30063"
},
{
"trust": 1.4,
"url": "http://www.milw0rm.com/exploits/6474"
},
{
"trust": 1.0,
"url": "http://www.wonderware.com/support/mmi/comprehensive/kbcd/html/t002260.htm"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42221"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/491623/100/0/threaded"
},
{
"trust": 1.0,
"url": "https://www.exploit-db.com/exploits/6474"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/30063/"
},
{
"trust": 0.8,
"url": "http://www.wonderware.com/support/web/secure/downloads/download_serve.asp?id=2355\u0026url=http://www.wonderware.com/support/mmi/registered/patchfixes/sl2.0p1.zip"
},
{
"trust": 0.8,
"url": "http://www.wonderware.com/support/mmi/esupport/securitycentral/documents/bestpractices/wwsecgd041707"
},
{
"trust": 0.8,
"url": "http://portal.wonderware.com/sites/securitycentral/default.aspx"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2005"
},
{
"trust": 0.8,
"url": "http://jvn.jp//cert/jvnvu596268/index.html"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-2005"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/42221"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/491623/100/0/threaded"
},
{
"trust": 0.4,
"url": "http://us.wonderware.com/"
},
{
"trust": 0.3,
"url": "/archive/1/491623"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com/index.php5?module=contentmod\u0026action=item\u0026id=2187"
},
{
"trust": 0.1,
"url": "http://secunia.com/network_software_inspector_2/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/16628/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2005"
},
{
"trust": 0.1,
"url": "http://www.python.org"
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com/files/attachments/core_security_advisories.asc."
},
{
"trust": 0.1,
"url": "http://enigmail.mozdev.org"
},
{
"trust": 0.1,
"url": "http://www.wonderware.com/support/mmi/esupport/securitycentral/documents/bestpractices/wwsecgd041707_external.pdf"
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com."
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com/corelabs/."
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com/corelabs/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#596268"
},
{
"db": "BID",
"id": "28974"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001354"
},
{
"db": "PACKETSTORM",
"id": "66050"
},
{
"db": "PACKETSTORM",
"id": "66028"
},
{
"db": "CNNVD",
"id": "CNNVD-200805-037"
},
{
"db": "NVD",
"id": "CVE-2008-2005"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "dd3e5ad8-23cd-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7822e1-463f-11e9-8a01-000c29342cb1"
},
{
"db": "CERT/CC",
"id": "VU#596268"
},
{
"db": "CNVD",
"id": "CNVD-2008-2191"
},
{
"db": "BID",
"id": "28974"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001354"
},
{
"db": "PACKETSTORM",
"id": "66050"
},
{
"db": "PACKETSTORM",
"id": "66028"
},
{
"db": "CNNVD",
"id": "CNNVD-200805-037"
},
{
"db": "NVD",
"id": "CVE-2008-2005"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-04-28T00:00:00",
"db": "IVD",
"id": "dd3e5ad8-23cd-11e6-abef-000c29c66e3d"
},
{
"date": "2008-04-28T00:00:00",
"db": "IVD",
"id": "7d7822e1-463f-11e9-8a01-000c29342cb1"
},
{
"date": "2008-05-06T00:00:00",
"db": "CERT/CC",
"id": "VU#596268"
},
{
"date": "2008-04-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2008-2191"
},
{
"date": "2008-05-05T00:00:00",
"db": "BID",
"id": "28974"
},
{
"date": "2008-05-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001354"
},
{
"date": "2008-05-06T22:57:38",
"db": "PACKETSTORM",
"id": "66050"
},
{
"date": "2008-05-06T20:21:55",
"db": "PACKETSTORM",
"id": "66028"
},
{
"date": "2008-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200805-037"
},
{
"date": "2008-05-06T15:20:00",
"db": "NVD",
"id": "CVE-2008-2005"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-17T00:00:00",
"db": "CERT/CC",
"id": "VU#596268"
},
{
"date": "2008-04-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2008-2191"
},
{
"date": "2008-09-17T18:10:00",
"db": "BID",
"id": "28974"
},
{
"date": "2008-05-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001354"
},
{
"date": "2009-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200805-037"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2008-2005"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "66028"
},
{
"db": "CNNVD",
"id": "CNNVD-200805-037"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WonderWare SuiteLink slssvc.exe Remote Denial of Service Vulnerability",
"sources": [
{
"db": "IVD",
"id": "dd3e5ad8-23cd-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7822e1-463f-11e9-8a01-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2008-2191"
},
{
"db": "CNNVD",
"id": "CNNVD-200805-037"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "dd3e5ad8-23cd-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7822e1-463f-11e9-8a01-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-200805-037"
}
],
"trust": 1.0
}
}
VAR-200803-0054
Vulnerability from variot - Updated: 2025-04-10 21:27Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link DI-604 router allows remote attackers to inject arbitrary web script or HTML via the rf parameter. The nslookup command fails to drop privileges, allowing local attackers to gain root privileges. D-Link is an internationally renowned provider of network equipment and solutions, and its products include a variety of router equipment.
D-Link DI-524 has multiple vulnerabilities in processing user requests. Remote attackers may use these vulnerabilities to make device services unavailable or perform cross-site scripting attacks.
The D-Link DI-524 router does not properly handle the login request sent to the web interface. If the attacker sends a long username, it will trigger a crash; if the long HTTP header is sent, it may also cause the router's web server. collapse.
The D-Link DSL-G604T router did not properly filter the input passed to the var: category parameter in cgi-bin / webcm and returned it to the user, which could cause arbitrary HTML and script code to be executed in the user's browser session. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R&D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment. ----------------------------------------------------------------------
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.
Download and test it today: https://psi.secunia.com/
Read more about this new version: https://psi.secunia.com/?page=changelog
TITLE: D-Link DI-604 "rf" Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID: SA29531
VERIFY ADVISORY: http://secunia.com/advisories/29531/
CRITICAL: Less critical
IMPACT: Cross Site Scripting
WHERE:
From remote
OPERATING SYSTEM: D-Link DI-604 Broadband Router http://secunia.com/product/11068/
DESCRIPTION: Jonas has reported a vulnerability in D-Link DI-604, which can be exploited by malicious people to conduct cross-site scripting attacks.
SOLUTION: Filter malicious characters and character sequences in a web proxy.
PROVIDED AND/OR DISCOVERED BY: Jonas
ORIGINAL ADVISORY: http://www.gnucitizen.org/projects/router-hacking-challenge/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200803-0054",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "di-604",
"scope": null,
"trust": 1.7,
"vendor": "d link",
"version": null
},
{
"model": "di-604",
"scope": "eq",
"trust": 1.0,
"vendor": "d link",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "dsl-g604t",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "di-524",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#18419"
},
{
"db": "CNVD",
"id": "CNVD-2008-5921"
},
{
"db": "BID",
"id": "28439"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002826"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-136"
},
{
"db": "NVD",
"id": "CVE-2008-1258"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:d-link:di-604",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-002826"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gareth Heyeslaurent",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-136"
}
],
"trust": 0.6
},
"cve": "CVE-2008-1258",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2008-1258",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-31383",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-1258",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#18419",
"trust": 0.8,
"value": "2.76"
},
{
"author": "NVD",
"id": "CVE-2008-1258",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200803-136",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-31383",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#18419"
},
{
"db": "VULHUB",
"id": "VHN-31383"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002826"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-136"
},
{
"db": "NVD",
"id": "CVE-2008-1258"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link DI-604 router allows remote attackers to inject arbitrary web script or HTML via the rf parameter. The nslookup command fails to drop privileges, allowing local attackers to gain root privileges. D-Link is an internationally renowned provider of network equipment and solutions, and its products include a variety of router equipment. \n\n\u00a0D-Link DI-524 has multiple vulnerabilities in processing user requests. Remote attackers may use these vulnerabilities to make device services unavailable or perform cross-site scripting attacks. \n\n\u00a0The D-Link DI-524 router does not properly handle the login request sent to the web interface. If the attacker sends a long username, it will trigger a crash; if the long HTTP header is sent, it may also cause the router\u0027s web server. collapse. \n\n\u00a0The D-Link DSL-G604T router did not properly filter the input passed to the var: category parameter in cgi-bin / webcm and returned it to the user, which could cause arbitrary HTML and script code to be executed in the user\u0027s browser session. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R\u0026D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment. ----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nD-Link DI-604 \"rf\" Cross-Site Scripting Vulnerability\n\nSECUNIA ADVISORY ID:\nSA29531\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/29531/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nCross Site Scripting\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nD-Link DI-604 Broadband Router\nhttp://secunia.com/product/11068/\n\nDESCRIPTION:\nJonas has reported a vulnerability in D-Link DI-604, which can be\nexploited by malicious people to conduct cross-site scripting\nattacks. \n\nSOLUTION:\nFilter malicious characters and character sequences in a web proxy. \n\nPROVIDED AND/OR DISCOVERED BY:\nJonas\n\nORIGINAL ADVISORY:\nhttp://www.gnucitizen.org/projects/router-hacking-challenge/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-1258"
},
{
"db": "CERT/CC",
"id": "VU#18419"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002826"
},
{
"db": "CNVD",
"id": "CNVD-2008-5921"
},
{
"db": "BID",
"id": "28439"
},
{
"db": "VULHUB",
"id": "VHN-31383"
},
{
"db": "PACKETSTORM",
"id": "64862"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-1258",
"trust": 3.4
},
{
"db": "BID",
"id": "28439",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "29531",
"trust": 1.8
},
{
"db": "XF",
"id": "604",
"trust": 1.4
},
{
"db": "CERT/CC",
"id": "VU#18419",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002826",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200803-136",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2008-5921",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080301 THE ROUTER HACKING CHALLENGE IS OVER!",
"trust": 0.6
},
{
"db": "XF",
"id": "41122",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-31383",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "64862",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#18419"
},
{
"db": "CNVD",
"id": "CNVD-2008-5921"
},
{
"db": "VULHUB",
"id": "VHN-31383"
},
{
"db": "BID",
"id": "28439"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002826"
},
{
"db": "PACKETSTORM",
"id": "64862"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-136"
},
{
"db": "NVD",
"id": "CVE-2008-1258"
}
]
},
"id": "VAR-200803-0054",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2008-5921"
},
{
"db": "VULHUB",
"id": "VHN-31383"
}
],
"trust": 1.2214285999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2008-5921"
}
]
},
"last_update_date": "2025-04-10T21:27:20.632000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.dlink.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-002826"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31383"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002826"
},
{
"db": "NVD",
"id": "CVE-2008-1258"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/28439"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/29531"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41122"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/static/604.php"
},
{
"trust": 0.8,
"url": "http://groups.google.com/groups?q=ers-sva-e01-1997:008.1\u0026hl=en\u0026rnum=3\u0026selm=6383r7%24kts%243%40watnews1.watson.ibm.com"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1258"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1258"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/489009/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/41122"
},
{
"trust": 0.3,
"url": "http://www.d-link.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/?page=changelog"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/11068/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/29531/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#18419"
},
{
"db": "VULHUB",
"id": "VHN-31383"
},
{
"db": "BID",
"id": "28439"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002826"
},
{
"db": "PACKETSTORM",
"id": "64862"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-136"
},
{
"db": "NVD",
"id": "CVE-2008-1258"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#18419"
},
{
"db": "CNVD",
"id": "CNVD-2008-5921"
},
{
"db": "VULHUB",
"id": "VHN-31383"
},
{
"db": "BID",
"id": "28439"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002826"
},
{
"db": "PACKETSTORM",
"id": "64862"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-136"
},
{
"db": "NVD",
"id": "CVE-2008-1258"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-09-26T00:00:00",
"db": "CERT/CC",
"id": "VU#18419"
},
{
"date": "2008-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2008-5921"
},
{
"date": "2008-03-10T00:00:00",
"db": "VULHUB",
"id": "VHN-31383"
},
{
"date": "2008-03-25T00:00:00",
"db": "BID",
"id": "28439"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-002826"
},
{
"date": "2008-03-26T00:09:25",
"db": "PACKETSTORM",
"id": "64862"
},
{
"date": "2008-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-136"
},
{
"date": "2008-03-10T17:44:00",
"db": "NVD",
"id": "CVE-2008-1258"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-09-27T00:00:00",
"db": "CERT/CC",
"id": "VU#18419"
},
{
"date": "2008-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2008-5921"
},
{
"date": "2018-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-31383"
},
{
"date": "2008-03-26T16:10:00",
"db": "BID",
"id": "28439"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-002826"
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-136"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2008-1258"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-136"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM AIX nslookup fails to drop root privileges",
"sources": [
{
"db": "CERT/CC",
"id": "VU#18419"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "64862"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-136"
}
],
"trust": 0.7
}
}
VAR-200710-0018
Vulnerability from variot - Updated: 2025-04-10 21:08The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a '/' (slash) character at the end of the PATH_INFO to cgi/b, aka "double-slash auth bypass." NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues. BT Home Hub and Speedtouch 7G are both home wireless Internet routers.
Multiple security vulnerabilities exist in BT Home Hub and SpeedTouch 7G routers, allowing malicious users to perform cross-site footsteps, cross-site request spoofing, script injection attacks, or bypass certain security restrictions.
1) Input validation errors when processing URLs may allow attackers to access and change password-protected resources, such as configuration and settings pages, through specially crafted URLs containing two slashes.
2) Failure to perform proper filtering before recording the login user name may allow the injection of arbitrary HTML and script code. If the user browses the log, it will be executed in the user's browser session.
3) As the input to the name parameter is not properly filtered, arbitrary HTML and script code may be executed in the user's browser session.
4) Failure to properly filter the input of url parameters in the cgi / b / ic / connect / file may result in the execution of arbitrary HTML and script code in the user's browser session.
5) The device does not perform validity checks on user requests, allowing users to perform certain operations through HTTP requests. If the logged-in administrator visits a malicious site, this may cause the administrator password to be changed.
6) Users can directly access certain pages, such as the Wireless Security page, through the URL without authentication.
7) The administrative user can save the backup or load the configuration file through the URL, and these files should only be accessed by the tech account. Successful exploits of many of these issues will allow an attacker to completely compromise the affected device. NOTE: '/' (slash) vectors are covered by CVE-2007-5383
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200710-0018",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "home hub",
"scope": "lte",
"trust": 1.8,
"vendor": "bt",
"version": "6.2.6.b"
},
{
"model": "speedtouch 7g router",
"scope": "eq",
"trust": 1.0,
"vendor": "alcatel",
"version": "*"
},
{
"model": "speedtouch 7g router",
"scope": null,
"trust": 0.8,
"vendor": "alcatel lucent",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "speedtouch 7g router",
"scope": null,
"trust": 0.6,
"vendor": "alcatel",
"version": null
},
{
"model": "tg585 router",
"scope": "eq",
"trust": 0.3,
"vendor": "thomson",
"version": "0"
},
{
"model": "home hub .b",
"scope": "eq",
"trust": 0.3,
"vendor": "bt",
"version": "6.2.6"
},
{
"model": "home hub",
"scope": "eq",
"trust": 0.3,
"vendor": "bt",
"version": "6.2.2.6"
},
{
"model": "home hub",
"scope": "eq",
"trust": 0.3,
"vendor": "bt",
"version": "0"
},
{
"model": "speedtouch 7g",
"scope": null,
"trust": 0.3,
"vendor": "alcatel",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-5927"
},
{
"db": "BID",
"id": "25972"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002762"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-197"
},
{
"db": "NVD",
"id": "CVE-2007-5383"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:bt:home_hub",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:alcatel:speedtouch_7g_router",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002762"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adrian Pastor\u203b m123303@richmond.ac.uk",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200710-197"
}
],
"trust": 0.6
},
"cve": "CVE-2007-5383",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2007-5383",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-28745",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-5383",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2007-5383",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200710-197",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-28745",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28745"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002762"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-197"
},
{
"db": "NVD",
"id": "CVE-2007-5383"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a \u0027/\u0027 (slash) character at the end of the PATH_INFO to cgi/b, aka \"double-slash auth bypass.\" NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues. BT Home Hub and Speedtouch 7G are both home wireless Internet routers. \n\n\u00a0Multiple security vulnerabilities exist in BT Home Hub and SpeedTouch 7G routers, allowing malicious users to perform cross-site footsteps, cross-site request spoofing, script injection attacks, or bypass certain security restrictions. \n\n\u00a01) Input validation errors when processing URLs may allow attackers to access and change password-protected resources, such as configuration and settings pages, through specially crafted URLs containing two slashes. \n\n\u00a02) Failure to perform proper filtering before recording the login user name may allow the injection of arbitrary HTML and script code. If the user browses the log, it will be executed in the user\u0027s browser session. \n\n\u00a03) As the input to the name parameter is not properly filtered, arbitrary HTML and script code may be executed in the user\u0027s browser session. \n\n\u00a04) Failure to properly filter the input of url parameters in the cgi / b / ic / connect / file may result in the execution of arbitrary HTML and script code in the user\u0027s browser session. \n\n\u00a05) The device does not perform validity checks on user requests, allowing users to perform certain operations through HTTP requests. If the logged-in administrator visits a malicious site, this may cause the administrator password to be changed. \n\n\u00a06) Users can directly access certain pages, such as the Wireless Security page, through the URL without authentication. \n\n\u00a07) The administrative user can save the backup or load the configuration file through the URL, and these files should only be accessed by the tech account. \nSuccessful exploits of many of these issues will allow an attacker to completely compromise the affected device. NOTE: \u0027/\u0027 (slash) vectors are covered by CVE-2007-5383",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-5383"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002762"
},
{
"db": "CNVD",
"id": "CNVD-2007-5927"
},
{
"db": "BID",
"id": "25972"
},
{
"db": "VULHUB",
"id": "VHN-28745"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-5383",
"trust": 3.5
},
{
"db": "BID",
"id": "25972",
"trust": 2.0
},
{
"db": "SREASON",
"id": "3213",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002762",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2007-5927",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080301 THE ROUTER HACKING CHALLENGE IS OVER!",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20071008 BT HOME FLUB: PWNIN THE BT HOME HUB",
"trust": 0.6
},
{
"db": "XF",
"id": "41271",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200710-197",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-28745",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2007-5927"
},
{
"db": "VULHUB",
"id": "VHN-28745"
},
{
"db": "BID",
"id": "25972"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002762"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-197"
},
{
"db": "NVD",
"id": "CVE-2007-5383"
}
]
},
"id": "VAR-200710-0018",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-28745"
}
],
"trust": 1.075
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"network device"
],
"sub_category": "router",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-04-10T21:08:56.903000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.alcatel-lucent.com/alcatel/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.bt.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002762"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28745"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002762"
},
{
"db": "NVD",
"id": "CVE-2007-5383"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub"
},
{
"trust": 2.0,
"url": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/25972"
},
{
"trust": 1.7,
"url": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1/"
},
{
"trust": 1.7,
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/3213"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/481835/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41271"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5383"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5383"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/41271"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/489009/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/481835/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.homehub.bt.com/"
},
{
"trust": 0.3,
"url": "http://www.gnucitizen.org/blog/call-jacking"
},
{
"trust": 0.3,
"url": "http://www.thomson.net/en/home/minisites/bap/telecom/subcategory.html?category=dsl%20modems"
},
{
"trust": 0.3,
"url": "/archive/1/481835"
},
{
"trust": 0.3,
"url": "/archive/1/486081"
},
{
"trust": 0.3,
"url": "/archive/1/517314"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-28745"
},
{
"db": "BID",
"id": "25972"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002762"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-197"
},
{
"db": "NVD",
"id": "CVE-2007-5383"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2007-5927"
},
{
"db": "VULHUB",
"id": "VHN-28745"
},
{
"db": "BID",
"id": "25972"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002762"
},
{
"db": "CNNVD",
"id": "CNNVD-200710-197"
},
{
"db": "NVD",
"id": "CVE-2007-5383"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-10-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-5927"
},
{
"date": "2007-10-12T00:00:00",
"db": "VULHUB",
"id": "VHN-28745"
},
{
"date": "2007-10-08T00:00:00",
"db": "BID",
"id": "25972"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002762"
},
{
"date": "2007-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200710-197"
},
{
"date": "2007-10-12T01:17:00",
"db": "NVD",
"id": "CVE-2007-5383"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-10-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-5927"
},
{
"date": "2018-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-28745"
},
{
"date": "2011-04-04T20:05:00",
"db": "BID",
"id": "25972"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002762"
},
{
"date": "2007-10-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200710-197"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-5383"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200710-197"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BT Home Hub Used in Thomson/Alcatel SpeedTouch 7G Vulnerability to gain administrator access on router",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002762"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200710-197"
}
],
"trust": 0.6
}
}