cvelistv5 - CVE-2009-3023

CVE-2009-3023

Vulnerability from cvelistv5

Published

2009-08-31 20:00

Modified

2024-08-07 06:14

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191
cve@mitre.org	http://www.exploit-db.com/exploits/9541	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.exploit-db.com/exploits/9559	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.kb.cert.org/vuls/id/276653	Third Party Advisory, US Government Resource
cve@mitre.org	http://www.securityfocus.com/bid/36189	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA09-286A.html	Third Party Advisory, US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2009/2481	Third Party Advisory
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053	Patch, Vendor Advisory
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6080	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/9541	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/9559	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/276653	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/36189	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-286A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/2481	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6080	Third Party Advisory

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:14:55.348Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "975191",
            "tags": [
              "vendor-advisory",
              "x_refsource_MSKB",
              "x_transferred"
            ],
            "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191"
          },
          {
            "name": "oval:org.mitre.oval:def:6080",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6080"
          },
          {
            "name": "36189",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36189"
          },
          {
            "name": "9541",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/9541"
          },
          {
            "name": "TA09-286A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
          },
          {
            "name": "ADV-2009-2481",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2481"
          },
          {
            "name": "MS09-053",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053"
          },
          {
            "name": "9559",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/9559"
          },
          {
            "name": "VU#276653",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/276653"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-08-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka \"IIS FTP Service RCE and DoS Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "975191",
          "tags": [
            "vendor-advisory",
            "x_refsource_MSKB"
          ],
          "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191"
        },
        {
          "name": "oval:org.mitre.oval:def:6080",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6080"
        },
        {
          "name": "36189",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36189"
        },
        {
          "name": "9541",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/9541"
        },
        {
          "name": "TA09-286A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
        },
        {
          "name": "ADV-2009-2481",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2481"
        },
        {
          "name": "MS09-053",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053"
        },
        {
          "name": "9559",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/9559"
        },
        {
          "name": "VU#276653",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/276653"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3023",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka \"IIS FTP Service RCE and DoS Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "975191",
              "refsource": "MSKB",
              "url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q975191"
            },
            {
              "name": "oval:org.mitre.oval:def:6080",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6080"
            },
            {
              "name": "36189",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36189"
            },
            {
              "name": "9541",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/9541"
            },
            {
              "name": "TA09-286A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
            },
            {
              "name": "ADV-2009-2481",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2481"
            },
            {
              "name": "MS09-053",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053"
            },
            {
              "name": "9559",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/9559"
            },
            {
              "name": "VU#276653",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/276653"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3023",
    "datePublished": "2009-08-31T20:00:00",
    "dateReserved": "2009-08-31T00:00:00",
    "dateUpdated": "2024-08-07T06:14:55.348Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-3023\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-08-31T20:30:01.077\",\"lastModified\":\"2024-11-21T01:06:19.957\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka \\\"IIS FTP Service RCE and DoS Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento de b\u00fafer en el Servicio FTP en Internet Information Services (IIS) de Microsoft versiones 5.0 hasta 6.0, permite a los usuarios autenticados remotos ejecutar c\u00f3digo arbitrario por medio de un comando NLST (LISTA DE NOMBRES) dise\u00f1ado que utiliza comodines, conllevando a la corrupci\u00f3n de memoria, tambi\u00e9n se conoce como \\\"IIS FTP Service RCE and DoS Vulnerability\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0\",\"versionEndIncluding\":\"6.0\",\"matchCriteriaId\":\"D7385B58-3890-47B1-8847-F48921B46996\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:*\",\"matchCriteriaId\":\"9F98AE07-3995-4501-9804-FEA5A87ADFAD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*\",\"matchCriteriaId\":\"A7371547-290D-4D0D-B98D-CA28B4D2E8B0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*\",\"matchCriteriaId\":\"C6109348-BC79-4ED3-8D41-EA546A540C79\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:itanium:*\",\"matchCriteriaId\":\"87842DF1-F3AC-4585-A117-904B936D5C9F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:x64:*\",\"matchCriteriaId\":\"3A118DC8-CD3A-461F-867E-5174F24FBAE9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:x86:*\",\"matchCriteriaId\":\"1114016B-B51D-495D-96AC-A0E7992DA551\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:itanium:*\",\"matchCriteriaId\":\"FFFD8C6B-7A46-484C-8701-81D58AB1C2CF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*\",\"matchCriteriaId\":\"AB425562-C0A0-452E-AABE-F70522F15E1A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:-:*:x86:*\",\"matchCriteriaId\":\"62E01D64-DEAB-4858-9B39-B747728C3DA7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:-:*\",\"matchCriteriaId\":\"0609C246-ADCB-4B39-935F-BB3229B8B6CD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"51160A46-6768-44D5-89CD-6DB9D2268A2E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:-:*\",\"matchCriteriaId\":\"BD6ACAD9-55E9-4DCC-BEA5-F042AD6E43B0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:-:*:x64:*\",\"matchCriteriaId\":\"889F98DA-4266-470B-AE3D-480BDF6BADB9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF1AD1A1-EE20-4BCE-9EE6-84B27139811C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:-:*:x64:*\",\"matchCriteriaId\":\"08627673-D381-4481-BD04-F56599C43105\"}]}]}],\"references\":[{\"url\":\"http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.exploit-db.com/exploits/9541\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.exploit-db.com/exploits/9559\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/276653\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/36189\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-286A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/2481\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6080\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.exploit-db.com/exploits/9541\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.exploit-db.com/exploits/9559\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/276653\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/36189\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-286A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/2481\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6080\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability.". An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. This issue affects the following: IIS 5.0 IIS 5.1 IIS 6.0 (denial of service only) IIS 7.0 (denial of service only) Note that Microsoft IIS 7.0 with FTP Service 7.5 is not affected. Other versions may also be affected. NOTE: This issue cannot be exploited to execute arbitrary code on IIS 6.0 or 7.0. NOTE (September 1, 2009): This issue can be exploited to execute arbitrary code with SYSTEM-level privileges on IIS 5.0. UPDATE (September 8, 2009); This issue may be related to a vulnerability reported in 1999 affecting IIS 3 and IIS 4. We will update this BID as more details emerge. ----------------------------------------------------------------------

Do you have VARM strategy implemented?

(Vulnerability Assessment Remediation Management)

If not, then implement it through the most reliable vulnerability intelligence source on the market.

Implement it through Secunia.

The vulnerability is caused due to a boundary error in the FTP server when processing NLST commands. This can be exploited to cause a stack-based buffer overflow by issuing a specially crafted NLST command.

The vulnerability is confirmed as a DoS in IIS 5.1 for Windows XP SP3 and in IIS 6.0 for Windows Server 2003, and reported as code execution in IIS 5.0 for Windows 2000 SP4.

SOLUTION: Restrict access to trusted users only.

PROVIDED AND/OR DISCOVERED BY: Kingcope

ORIGINAL ADVISORY: http://milw0rm.com/exploits/9541

OTHER REFERENCES: VU#276653: http://www.kb.cert.org/vuls/id/276653

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

                National Cyber Alert System

          Technical Cyber Security Alert TA09-286A

Microsoft Updates for Multiple Vulnerabilities

Original release date: Last revised: -- Source: US-CERT

Systems Affected

 * Microsoft Windows and Windows Server
 * Microsoft Internet Explorer
 * Microsoft Office
 * Microsoft .NET Framework
 * Microsoft Silverlight
 * Microsoft SQL Server
 * Microsoft Developer Tools
 * Microsoft Forefront

Overview

Microsoft has released updates to address vulnerabilities in Microsoft Windows and Windows Server, Internet Explorer, Office, .NET Framework, Silverlight, SQL Server, Developer Tools, and Forefront.

I. Description

Microsoft has released multiple security bulletins for critical vulnerabilities in Microsoft Windows and Windows Server, Internet Explorer, Office, .NET Framework, Silverlight, SQL Server, Developer Tools, and Forefront. These bulletins are described in the Microsoft Security Bulletin Summary for October 2009.

II.

III. Solution

Apply updates from Microsoft

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for October 2009. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

IV. References

Microsoft Security Bulletin Summary for October 2009 - http://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx
Microsoft Windows Server Update Services - http://technet.microsoft.com/en-us/wsus/default.aspx

The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA09-286A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-286A Feedback VU#788021" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

Produced 2009 by US-CERT, a government organization.

 <http://www.us-cert.gov/legal.html>

Revision History

October 13, 2009: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBStTKrtucaIvSvh1ZAQL82wf+PgEKeQvhJ5HQGJ3S0/VzCP7/PzauiWrW Zm/l1mlzOpp6F81G35xHfnOXJ9pY5/rv5Ez80ME8mQrYi8K0IHiA24mHBXu9vFSk crtGkpGGqvrPRxJbuC+otsy8wtYzAu6fa6np3FF+fGFCvhAuf5kzfEMHR79BNC4A 04Lz7zJvO+7w+y4mt4lbfc7FJnoPm5kIFu3hQV2KmsnATipYUB8gVVqb6mpkCsbR aIbgKdyXFWeLiQVPN3bwUt4yE0FnpWT89eZCANdFtOSHVl2ff3cumR9YB1mHDUbQ 8qomBgx1goC2DlRRcX0EpyJp1+4fLl1pnuHD1Qtt1LTYyZ+sTq566g== =sbjN -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200908-0339",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iis",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": "iis",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "microsoft",
        "version": "5.0"
      },
      {
        "model": "iis",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "microsoft",
        "version": "5.1"
      },
      {
        "model": "internet information server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": "internet information server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "5.0"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "iis",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "7.5"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#276653"
      },
      {
        "db": "BID",
        "id": "36189"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-498"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3023"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:iis",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002072"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Kingcope\u203b kingcope@gmx.net",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-498"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2009-3023",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2009-3023",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2009-3023",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#276653",
            "trust": 0.8,
            "value": "20.81"
          },
          {
            "author": "NVD",
            "id": "CVE-2009-3023",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200908-498",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#276653"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-498"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3023"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka \"IIS FTP Service RCE and DoS Vulnerability.\". \nAn attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. \nThis issue affects the following:\nIIS 5.0\nIIS 5.1\nIIS 6.0 (denial of service only)\nIIS 7.0 (denial of service only)\nNote that Microsoft IIS 7.0 with FTP Service 7.5 is not affected. \nOther versions may also be affected. \nNOTE: This issue cannot be exploited to execute arbitrary code on IIS 6.0 or 7.0. \nNOTE (September 1, 2009): This issue can be exploited to execute arbitrary code with SYSTEM-level privileges on IIS 5.0. \nUPDATE (September 8, 2009);  This issue may be related to a vulnerability reported in 1999 affecting IIS 3 and IIS 4.  We will update this BID as more details emerge. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management)  \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nThe vulnerability is caused due to a boundary error in the FTP server\nwhen processing NLST commands. This can be exploited to cause a\nstack-based buffer overflow by issuing a specially crafted NLST\ncommand. \n\nThe vulnerability is confirmed as a DoS in IIS 5.1 for Windows XP SP3\nand in IIS 6.0 for Windows Server 2003, and reported as code execution\nin IIS 5.0 for Windows 2000 SP4. \n\nSOLUTION:\nRestrict access to trusted users only. \n\nPROVIDED AND/OR DISCOVERED BY:\nKingcope\n\nORIGINAL ADVISORY:\nhttp://milw0rm.com/exploits/9541\n\nOTHER REFERENCES:\nVU#276653:\nhttp://www.kb.cert.org/vuls/id/276653\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n                    National Cyber Alert System\n\n              Technical Cyber Security Alert TA09-286A\n\n\nMicrosoft Updates for Multiple Vulnerabilities\n\n   Original release date: \n   Last revised: --\n   Source: US-CERT\n\n\nSystems Affected\n\n     * Microsoft Windows and Windows Server\n     * Microsoft Internet Explorer\n     * Microsoft Office\n     * Microsoft .NET Framework\n     * Microsoft Silverlight\n     * Microsoft SQL Server\n     * Microsoft Developer Tools\n     * Microsoft Forefront\n\n\nOverview\n\n   Microsoft has released updates to address vulnerabilities in\n   Microsoft Windows and Windows Server, Internet Explorer, Office,\n   .NET Framework, Silverlight, SQL Server, Developer Tools, and\n   Forefront. \n\n\nI. Description\n\n   Microsoft has released multiple security bulletins for critical\n   vulnerabilities in Microsoft Windows and Windows Server, Internet\n   Explorer, Office, .NET Framework, Silverlight, SQL Server,\n   Developer Tools, and Forefront. These bulletins are described in\n   the Microsoft Security Bulletin Summary for October 2009. \n\n\nII. \n\n\nIII. Solution\n\n   Apply updates from Microsoft\n   \n   Microsoft has provided updates for these vulnerabilities in the\n   Microsoft Security Bulletin Summary for October 2009. The security\n   bulletin describes any known issues related to the updates. \n   Administrators are encouraged to note these issues and test for any\n   potentially adverse effects. Administrators should consider using\n   an automated update distribution system such as Windows Server\n   Update Services (WSUS). \n\n\nIV. References\n\n * Microsoft Security Bulletin Summary for October 2009 -\n   \u003chttp://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx\u003e\n\n * Microsoft Windows Server Update Services -\n   \u003chttp://technet.microsoft.com/en-us/wsus/default.aspx\u003e\n\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA09-286A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA09-286A Feedback VU#788021\" in\n   the subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2009 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n  \n  October 13, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBStTKrtucaIvSvh1ZAQL82wf+PgEKeQvhJ5HQGJ3S0/VzCP7/PzauiWrW\nZm/l1mlzOpp6F81G35xHfnOXJ9pY5/rv5Ez80ME8mQrYi8K0IHiA24mHBXu9vFSk\ncrtGkpGGqvrPRxJbuC+otsy8wtYzAu6fa6np3FF+fGFCvhAuf5kzfEMHR79BNC4A\n04Lz7zJvO+7w+y4mt4lbfc7FJnoPm5kIFu3hQV2KmsnATipYUB8gVVqb6mpkCsbR\naIbgKdyXFWeLiQVPN3bwUt4yE0FnpWT89eZCANdFtOSHVl2ff3cumR9YB1mHDUbQ\n8qomBgx1goC2DlRRcX0EpyJp1+4fLl1pnuHD1Qtt1LTYyZ+sTq566g==\n=sbjN\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-3023"
      },
      {
        "db": "CERT/CC",
        "id": "VU#276653"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002072"
      },
      {
        "db": "BID",
        "id": "36189"
      },
      {
        "db": "PACKETSTORM",
        "id": "80892"
      },
      {
        "db": "PACKETSTORM",
        "id": "81977"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#276653",
        "trust": 3.6
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3023",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "36189",
        "trust": 2.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "9541",
        "trust": 2.5
      },
      {
        "db": "USCERT",
        "id": "TA09-286A",
        "trust": 2.5
      },
      {
        "db": "EXPLOIT-DB",
        "id": "9559",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-2481",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "36443",
        "trust": 1.1
      },
      {
        "db": "USCERT",
        "id": "SA09-286A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002072",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-498",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "80892",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "81977",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#276653"
      },
      {
        "db": "BID",
        "id": "36189"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002072"
      },
      {
        "db": "PACKETSTORM",
        "id": "80892"
      },
      {
        "db": "PACKETSTORM",
        "id": "81977"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-498"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3023"
      }
    ]
  },
  "id": "VAR-200908-0339",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 1.0
  },
  "last_update_date": "2024-11-23T20:30:30.634000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "975191",
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/advisory/975191.mspx"
      },
      {
        "title": "MS09-053",
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/bulletin/MS09-053.mspx"
      },
      {
        "title": "975191",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/technet/security/advisory/975191.mspx"
      },
      {
        "title": "MS09-053",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/technet/security/bulletin/ms09-053.mspx"
      },
      {
        "title": "MS09-053e",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/security/bulletins/MS09-053e.mspx"
      },
      {
        "title": "TA09-286A",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-286a.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002072"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-120",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002072"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3023"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "http://www.kb.cert.org/vuls/id/276653"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/36189"
      },
      {
        "trust": 2.4,
        "url": "http://www.us-cert.gov/cas/techalerts/ta09-286a.html"
      },
      {
        "trust": 1.6,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6080"
      },
      {
        "trust": 1.6,
        "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053"
      },
      {
        "trust": 1.6,
        "url": "http://www.exploit-db.com/exploits/9559"
      },
      {
        "trust": 1.6,
        "url": "http://www.vupen.com/english/advisories/2009/2481"
      },
      {
        "trust": 1.6,
        "url": "http://www.exploit-db.com/exploits/9541"
      },
      {
        "trust": 1.1,
        "url": "http://www.microsoft.com/technet/security/advisory/975191.mspx"
      },
      {
        "trust": 1.0,
        "url": "http://support.microsoft.com/default.aspx?scid=kb%3b%5bln%5d%3bq975191"
      },
      {
        "trust": 0.9,
        "url": "http://milw0rm.com/exploits/9541"
      },
      {
        "trust": 0.8,
        "url": "http://blog.g-sec.lu/2009/09/iis-5-iis-6-ftp-vulnerability.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3023"
      },
      {
        "trust": 0.8,
        "url": "http://www.ipa.go.jp/security/ciadr/vul/20091014-ms09-053.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta09-286a/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu276653/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/jvntr-2009-23/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3023"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/36443"
      },
      {
        "trust": 0.8,
        "url": "http://isc.sans.org/diary.html?storyid=7039"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa09-286a.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/#topics"
      },
      {
        "trust": 0.6,
        "url": "http://support.microsoft.com/default.aspx?scid=kb;[ln];q975191"
      },
      {
        "trust": 0.3,
        "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-08/att-0444/isowarez.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.offensive-security.com/blog/vulndev/microsoft-iis-ftp-5-0-remote-system-exploit/"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/windowsserver2003/iis/default.mspx"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.technet.com/msrc/archive/2009/09/01/microsoft-security-advisory-975191-released.aspx"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.technet.com/msrc/archive/2009/09/03/microsoft-security-advisory-975191-revised.aspx"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.technet.com/srd/archive/2009/09/01/new-vulnerability-in-iis5-and-iis6.aspx"
      },
      {
        "trust": 0.3,
        "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0016.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/506297"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms09-053.mspx"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/36443/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta09-286a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://technet.microsoft.com/en-us/wsus/default.aspx\u003e"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#276653"
      },
      {
        "db": "BID",
        "id": "36189"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002072"
      },
      {
        "db": "PACKETSTORM",
        "id": "80892"
      },
      {
        "db": "PACKETSTORM",
        "id": "81977"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-498"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3023"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#276653"
      },
      {
        "db": "BID",
        "id": "36189"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002072"
      },
      {
        "db": "PACKETSTORM",
        "id": "80892"
      },
      {
        "db": "PACKETSTORM",
        "id": "81977"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-498"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3023"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-08-31T00:00:00",
        "db": "CERT/CC",
        "id": "VU#276653"
      },
      {
        "date": "2009-08-31T00:00:00",
        "db": "BID",
        "id": "36189"
      },
      {
        "date": "2009-10-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-002072"
      },
      {
        "date": "2009-09-01T07:26:38",
        "db": "PACKETSTORM",
        "id": "80892"
      },
      {
        "date": "2009-10-14T18:32:45",
        "db": "PACKETSTORM",
        "id": "81977"
      },
      {
        "date": "2009-08-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200908-498"
      },
      {
        "date": "2009-08-31T20:30:01.077000",
        "db": "NVD",
        "id": "CVE-2009-3023"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-09-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#276653"
      },
      {
        "date": "2010-10-07T08:51:00",
        "db": "BID",
        "id": "36189"
      },
      {
        "date": "2009-10-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-002072"
      },
      {
        "date": "2021-08-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200908-498"
      },
      {
        "date": "2024-11-21T01:06:19.957000",
        "db": "NVD",
        "id": "CVE-2009-3023"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-498"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft Internet Information Server (IIS) FTP server NLST stack buffer overflow",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#276653"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-498"
      }
    ],
    "trust": 0.6
  }
}

gsd-2009-3023

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2009-3023

Aliases

CVE-2009-3023

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-3023",
    "description": "Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka \"IIS FTP Service RCE and DoS Vulnerability.\"",
    "id": "GSD-2009-3023",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2009-3023"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-3023"
      ],
      "details": "Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka \"IIS FTP Service RCE and DoS Vulnerability.\"",
      "id": "GSD-2009-3023",
      "modified": "2023-12-13T01:19:49.078145Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-3023",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka \"IIS FTP Service RCE and DoS Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "975191",
            "refsource": "MSKB",
            "url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q975191"
          },
          {
            "name": "oval:org.mitre.oval:def:6080",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6080"
          },
          {
            "name": "36189",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/36189"
          },
          {
            "name": "9541",
            "refsource": "EXPLOIT-DB",
            "url": "http://www.exploit-db.com/exploits/9541"
          },
          {
            "name": "TA09-286A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
          },
          {
            "name": "ADV-2009-2481",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/2481"
          },
          {
            "name": "MS09-053",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053"
          },
          {
            "name": "9559",
            "refsource": "EXPLOIT-DB",
            "url": "http://www.exploit-db.com/exploits/9559"
          },
          {
            "name": "VU#276653",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/276653"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.0",
                    "versionStartIncluding": "5.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:itanium:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:x86:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:itanium:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:-:*:x86:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:-:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:-:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:-:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:-:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3023"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka \"IIS FTP Service RCE and DoS Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-120"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "36189",
              "refsource": "BID",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/36189"
            },
            {
              "name": "ADV-2009-2481",
              "refsource": "VUPEN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/2481"
            },
            {
              "name": "TA09-286A",
              "refsource": "CERT",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
            },
            {
              "name": "VU#276653",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/276653"
            },
            {
              "name": "oval:org.mitre.oval:def:6080",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6080"
            },
            {
              "name": "9559",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.exploit-db.com/exploits/9559"
            },
            {
              "name": "9541",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.exploit-db.com/exploits/9541"
            },
            {
              "name": "975191",
              "refsource": "MSKB",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q975191"
            },
            {
              "name": "MS09-053",
              "refsource": "MS",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2021-02-05T15:37Z",
      "publishedDate": "2009-08-31T20:30Z"
    }
  }
}

ghsa-ww4p-6452-jmh8

Vulnerability from github

Published

2022-05-02 03:40

Modified

2022-05-02 03:40

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-3023"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-120"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-08-31T20:30:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka \"IIS FTP Service RCE and DoS Vulnerability.\"",
  "id": "GHSA-ww4p-6452-jmh8",
  "modified": "2022-05-02T03:40:54Z",
  "published": "2022-05-02T03:40:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3023"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6080"
    },
    {
      "type": "WEB",
      "url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q975191"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/9541"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/9559"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/276653"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/36189"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/2481"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2009-3023

Vulnerability from cvelistv5

var-200908-0339

Vulnerability from variot

gsd-2009-3023

Vulnerability from gsd

ghsa-ww4p-6452-jmh8

Vulnerability from github

Tags

Sightings

Nomenclature