Vulnerabilites related to qbik - wingate
CVE-2004-0578 (GCVE-0-2004-0578)
Vulnerability from cvelistv5
Published
2004-07-06 04:00
Modified
2024-08-08 00:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files via leading slash (//) characters in a URL request to the wingate-internal directory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=full-disclosure&m=108872788123695&w=2 | mailing-list, x_refsource_FULLDISC | |
| http://www.idefense.com/application/poi/display?id=113 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16589 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:26.729Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040701 iDEFENSE Security Advisory 07.01.04: WinGate Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=108872788123695\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=113"
},
{
"name": "wingate-directory-traversal(16589)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16589"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-07-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files via leading slash (//) characters in a URL request to the wingate-internal directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040701 iDEFENSE Security Advisory 07.01.04: WinGate Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=108872788123695\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.idefense.com/application/poi/display?id=113"
},
{
"name": "wingate-directory-traversal(16589)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16589"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files via leading slash (//) characters in a URL request to the wingate-internal directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040701 iDEFENSE Security Advisory 07.01.04: WinGate Information Disclosure",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=108872788123695\u0026w=2"
},
{
"name": "http://www.idefense.com/application/poi/display?id=113",
"refsource": "MISC",
"url": "http://www.idefense.com/application/poi/display?id=113"
},
{
"name": "wingate-directory-traversal(16589)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16589"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0578",
"datePublished": "2004-07-06T04:00:00",
"dateReserved": "2004-06-17T00:00:00",
"dateUpdated": "2024-08-08T00:24:26.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-1048 (GCVE-0-2000-1048)
Vulnerability from cvelistv5
Published
2000-11-29 05:00
Modified
2024-08-08 05:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in the logfile service of Wingate 4.1 Beta A and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack via an HTTP GET request that uses encoded characters in the URL.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/5373 | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/bugtraq/2000-10/0245.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:45:36.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "wingate-view-files(5373)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5373"
},
{
"name": "20001016 Wingate 4.1 Beta A vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0245.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the logfile service of Wingate 4.1 Beta A and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack via an HTTP GET request that uses encoded characters in the URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "wingate-view-files(5373)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5373"
},
{
"name": "20001016 Wingate 4.1 Beta A vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0245.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the logfile service of Wingate 4.1 Beta A and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack via an HTTP GET request that uses encoded characters in the URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "wingate-view-files(5373)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5373"
},
{
"name": "20001016 Wingate 4.1 Beta A vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0245.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-1048",
"datePublished": "2000-11-29T05:00:00",
"dateReserved": "2000-11-29T00:00:00",
"dateUpdated": "2024-08-08T05:45:36.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4518 (GCVE-0-2006-4518)
Vulnerability from cvelistv5
Published
2006-11-28 23:00
Modified
2024-08-07 19:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a DNS request with a self-referencing compressed name pointer, which triggers an infinite loop.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/21295 | vdb-entry, x_refsource_BID | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=444 | third-party-advisory, x_refsource_IDEFENSE | |
| http://securitytracker.com/id?1017284 | vdb-entry, x_refsource_SECTRACK | |
| http://forums.qbik.com/viewtopic.php?t=4215 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/30491 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2006/4711 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/23029 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:47.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21295",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21295"
},
{
"name": "20061126 Qbik WinGate Compressed Name Pointer Denial of Service Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=444"
},
{
"name": "1017284",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017284"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.qbik.com/viewtopic.php?t=4215"
},
{
"name": "qbik-name-pointer-dos(30491)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30491"
},
{
"name": "ADV-2006-4711",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4711"
},
{
"name": "23029",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23029"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a DNS request with a self-referencing compressed name pointer, which triggers an infinite loop."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21295",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21295"
},
{
"name": "20061126 Qbik WinGate Compressed Name Pointer Denial of Service Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=444"
},
{
"name": "1017284",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017284"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.qbik.com/viewtopic.php?t=4215"
},
{
"name": "qbik-name-pointer-dos(30491)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30491"
},
{
"name": "ADV-2006-4711",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4711"
},
{
"name": "23029",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23029"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a DNS request with a self-referencing compressed name pointer, which triggers an infinite loop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21295",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21295"
},
{
"name": "20061126 Qbik WinGate Compressed Name Pointer Denial of Service Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=444"
},
{
"name": "1017284",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017284"
},
{
"name": "http://forums.qbik.com/viewtopic.php?t=4215",
"refsource": "CONFIRM",
"url": "http://forums.qbik.com/viewtopic.php?t=4215"
},
{
"name": "qbik-name-pointer-dos(30491)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30491"
},
{
"name": "ADV-2006-4711",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4711"
},
{
"name": "23029",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23029"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4518",
"datePublished": "2006-11-28T23:00:00",
"dateReserved": "2006-08-31T00:00:00",
"dateUpdated": "2024-08-07T19:14:47.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4335 (GCVE-0-2007-4335)
Vulnerability from cvelistv5
Published
2007-08-14 18:00
Modified
2024-08-07 14:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Format string vulnerability in the SMTP server component in Qbik WinGate 5.x and 6.x before 6.2.2 allows remote attackers to cause a denial of service (service crash) via format string specifiers in certain unexpected commands, which trigger a crash during error logging.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.harmonysecurity.com/HS-A007.html | x_refsource_MISC | |
| http://www.wingate.com/news.php?id=50 | x_refsource_CONFIRM | |
| http://securityreason.com/securityalert/3001 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/bid/25272 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/bid/25303 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/35950 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/476011/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/26412 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2007/2859 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.harmonysecurity.com/HS-A007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.wingate.com/news.php?id=50"
},
{
"name": "3001",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3001"
},
{
"name": "25272",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25272"
},
{
"name": "25303",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25303"
},
{
"name": "qbik-smtp-dos(35950)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35950"
},
{
"name": "20070810 [HS-A007] Qbik WinGate Remote Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/476011/100/0/threaded"
},
{
"name": "26412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26412"
},
{
"name": "ADV-2007-2859",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2859"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the SMTP server component in Qbik WinGate 5.x and 6.x before 6.2.2 allows remote attackers to cause a denial of service (service crash) via format string specifiers in certain unexpected commands, which trigger a crash during error logging."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.harmonysecurity.com/HS-A007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.wingate.com/news.php?id=50"
},
{
"name": "3001",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3001"
},
{
"name": "25272",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25272"
},
{
"name": "25303",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25303"
},
{
"name": "qbik-smtp-dos(35950)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35950"
},
{
"name": "20070810 [HS-A007] Qbik WinGate Remote Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/476011/100/0/threaded"
},
{
"name": "26412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26412"
},
{
"name": "ADV-2007-2859",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2859"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the SMTP server component in Qbik WinGate 5.x and 6.x before 6.2.2 allows remote attackers to cause a denial of service (service crash) via format string specifiers in certain unexpected commands, which trigger a crash during error logging."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.harmonysecurity.com/HS-A007.html",
"refsource": "MISC",
"url": "http://www.harmonysecurity.com/HS-A007.html"
},
{
"name": "http://www.wingate.com/news.php?id=50",
"refsource": "CONFIRM",
"url": "http://www.wingate.com/news.php?id=50"
},
{
"name": "3001",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3001"
},
{
"name": "25272",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25272"
},
{
"name": "25303",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25303"
},
{
"name": "qbik-smtp-dos(35950)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35950"
},
{
"name": "20070810 [HS-A007] Qbik WinGate Remote Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/476011/100/0/threaded"
},
{
"name": "26412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26412"
},
{
"name": "ADV-2007-2859",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2859"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4335",
"datePublished": "2007-08-14T18:00:00",
"dateReserved": "2007-08-14T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2917 (GCVE-0-2006-2917)
Vulnerability from cvelistv5
Published
2006-07-10 19:00
Modified
2024-08-07 18:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in the IMAP server in WinGate 6.1.2.1094 and 6.1.3.1096, and possibly other versions before 6.1.4 Build 1099, allows remote authenticated users to read email of other users, or perform unauthorized operations on directories, via the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY, (6) APPEND, and (7) LIST commands.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/secunia_research/2006-48/advisory/ | x_refsource_MISC | |
| http://www.wingate.com/download.php | x_refsource_MISC | |
| http://www.securityfocus.com/bid/18908 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/20707 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2006/2730 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:06:27.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2006-48/advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.wingate.com/download.php"
},
{
"name": "18908",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18908"
},
{
"name": "20707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20707"
},
{
"name": "ADV-2006-2730",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2730"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the IMAP server in WinGate 6.1.2.1094 and 6.1.3.1096, and possibly other versions before 6.1.4 Build 1099, allows remote authenticated users to read email of other users, or perform unauthorized operations on directories, via the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY, (6) APPEND, and (7) LIST commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2006-48/advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.wingate.com/download.php"
},
{
"name": "18908",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18908"
},
{
"name": "20707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20707"
},
{
"name": "ADV-2006-2730",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2730"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2006-2917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the IMAP server in WinGate 6.1.2.1094 and 6.1.3.1096, and possibly other versions before 6.1.4 Build 1099, allows remote authenticated users to read email of other users, or perform unauthorized operations on directories, via the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY, (6) APPEND, and (7) LIST commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secunia.com/secunia_research/2006-48/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2006-48/advisory/"
},
{
"name": "http://www.wingate.com/download.php",
"refsource": "MISC",
"url": "http://www.wingate.com/download.php"
},
{
"name": "18908",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18908"
},
{
"name": "20707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20707"
},
{
"name": "ADV-2006-2730",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2730"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2006-2917",
"datePublished": "2006-07-10T19:00:00",
"dateReserved": "2006-06-08T00:00:00",
"dateUpdated": "2024-08-07T18:06:27.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2926 (GCVE-0-2006-2926)
Vulnerability from cvelistv5
Published
2006-06-09 10:00
Modified
2024-08-07 18:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/18312 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26970 | vdb-entry, x_refsource_XF | |
| http://securitytracker.com/id?1016239 | vdb-entry, x_refsource_SECTRACK | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046646.html | mailing-list, x_refsource_FULLDISC | |
| http://secunia.com/advisories/20483 | third-party-advisory, x_refsource_SECUNIA | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046649.html | mailing-list, x_refsource_FULLDISC | |
| http://www.vupen.com/english/advisories/2006/2182 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:06:27.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18312",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18312"
},
{
"name": "wingate-http-proxy-bo(26970)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26970"
},
{
"name": "1016239",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016239"
},
{
"name": "20060607 MDaemon NOT vulnerable .. sorry for the advisory.. QBik Wingate is vulnerable",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046646.html"
},
{
"name": "20483",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20483"
},
{
"name": "20060607 MDaemon NOT vulnerable .. sorry for the advisory.. QBik Wingate is vulnerable",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046649.html"
},
{
"name": "ADV-2006-2182",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2182"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18312",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18312"
},
{
"name": "wingate-http-proxy-bo(26970)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26970"
},
{
"name": "1016239",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016239"
},
{
"name": "20060607 MDaemon NOT vulnerable .. sorry for the advisory.. QBik Wingate is vulnerable",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046646.html"
},
{
"name": "20483",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20483"
},
{
"name": "20060607 MDaemon NOT vulnerable .. sorry for the advisory.. QBik Wingate is vulnerable",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046649.html"
},
{
"name": "ADV-2006-2182",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2182"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2926",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18312",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18312"
},
{
"name": "wingate-http-proxy-bo(26970)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26970"
},
{
"name": "1016239",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016239"
},
{
"name": "20060607 MDaemon NOT vulnerable .. sorry for the advisory.. QBik Wingate is vulnerable",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046646.html"
},
{
"name": "20483",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20483"
},
{
"name": "20060607 MDaemon NOT vulnerable .. sorry for the advisory.. QBik Wingate is vulnerable",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046649.html"
},
{
"name": "ADV-2006-2182",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2182"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2926",
"datePublished": "2006-06-09T10:00:00",
"dateReserved": "2006-06-09T00:00:00",
"dateUpdated": "2024-08-07T18:06:27.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0441 (GCVE-0-1999-0441)
Vulnerability from cvelistv5
Published
1999-09-29 04:00
Modified
2024-08-01 16:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Remote attackers can perform a denial of service in WinGate machines using a buffer overflow in the Winsock Redirector Service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/509 | vdb-entry, x_refsource_BID | |
| http://www.eeye.com/html/Research/Advisories/AD02221999.html | third-party-advisory, x_refsource_EEYE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:41:45.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "509",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/509"
},
{
"name": "AD02221999",
"tags": [
"third-party-advisory",
"x_refsource_EEYE",
"x_transferred"
],
"url": "http://www.eeye.com/html/Research/Advisories/AD02221999.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Remote attackers can perform a denial of service in WinGate machines using a buffer overflow in the Winsock Redirector Service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "509",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/509"
},
{
"name": "AD02221999",
"tags": [
"third-party-advisory",
"x_refsource_EEYE"
],
"url": "http://www.eeye.com/html/Research/Advisories/AD02221999.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote attackers can perform a denial of service in WinGate machines using a buffer overflow in the Winsock Redirector Service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/509"
},
{
"name": "AD02221999",
"refsource": "EEYE",
"url": "http://www.eeye.com/html/Research/Advisories/AD02221999.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0441",
"datePublished": "1999-09-29T04:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:41:45.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0291 (GCVE-0-1999-0291)
Vulnerability from cvelistv5
Published
2000-01-04 05:00
Modified
2024-08-01 16:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The WinGate proxy is installed without a password, which allows remote attackers to redirect connections without authentication.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cve.org/CVERecord?id=CVE-1999-0291 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:34:51.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-1999-0291"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The WinGate proxy is installed without a password, which allows remote attackers to redirect connections without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T08:25:51",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cve.org/CVERecord?id=CVE-1999-0291"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0291",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WinGate proxy is installed without a password, which allows remote attackers to redirect connections without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cve.org/CVERecord?id=CVE-1999-0291",
"refsource": "MISC",
"url": "https://www.cve.org/CVERecord?id=CVE-1999-0291"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0291",
"datePublished": "2000-01-04T05:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:34:51.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0577 (GCVE-0-2004-0577)
Vulnerability from cvelistv5
Published
2004-07-06 04:00
Modified
2024-08-08 00:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files from the root directory via a URL request to the wingate-internal directory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=full-disclosure&m=108872788123695&w=2 | mailing-list, x_refsource_FULLDISC | |
| http://www.idefense.com/application/poi/display?id=113 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16589 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:26.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040701 iDEFENSE Security Advisory 07.01.04: WinGate Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=108872788123695\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=113"
},
{
"name": "wingate-directory-traversal(16589)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16589"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-07-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files from the root directory via a URL request to the wingate-internal directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040701 iDEFENSE Security Advisory 07.01.04: WinGate Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=108872788123695\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.idefense.com/application/poi/display?id=113"
},
{
"name": "wingate-directory-traversal(16589)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16589"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files from the root directory via a URL request to the wingate-internal directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040701 iDEFENSE Security Advisory 07.01.04: WinGate Information Disclosure",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=108872788123695\u0026w=2"
},
{
"name": "http://www.idefense.com/application/poi/display?id=113",
"refsource": "MISC",
"url": "http://www.idefense.com/application/poi/display?id=113"
},
{
"name": "wingate-directory-traversal(16589)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16589"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0577",
"datePublished": "2004-07-06T04:00:00",
"dateReserved": "2004-06-17T00:00:00",
"dateUpdated": "2024-08-08T00:24:26.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0789 (GCVE-0-2004-0789)
Vulnerability from cvelistv5
Published
2005-09-01 04:00
Modified
2024-08-08 00:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/13145 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17997 | vdb-entry, x_refsource_XF | |
| http://securitytracker.com/id?1012157 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/11642 | vdb-entry, x_refsource_BID | |
| http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en | x_refsource_MISC | |
| http://www.posadis.org/advisories/pos_adv_006.txt | x_refsource_CONFIRM | |
| http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:46.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "13145",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13145"
},
{
"name": "dns-localhost-dos(17997)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17997"
},
{
"name": "1012157",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012157"
},
{
"name": "11642",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11642"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.posadis.org/advisories/pos_adv_006.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men \u0026 Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "13145",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13145"
},
{
"name": "dns-localhost-dos(17997)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17997"
},
{
"name": "1012157",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012157"
},
{
"name": "11642",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11642"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.posadis.org/advisories/pos_adv_006.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men \u0026 Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13145",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13145"
},
{
"name": "dns-localhost-dos(17997)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17997"
},
{
"name": "1012157",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012157"
},
{
"name": "11642",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11642"
},
{
"name": "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en",
"refsource": "MISC",
"url": "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en"
},
{
"name": "http://www.posadis.org/advisories/pos_adv_006.txt",
"refsource": "CONFIRM",
"url": "http://www.posadis.org/advisories/pos_adv_006.txt"
},
{
"name": "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf",
"refsource": "MISC",
"url": "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0789",
"datePublished": "2005-09-01T04:00:00",
"dateReserved": "2004-08-17T00:00:00",
"dateUpdated": "2024-08-08T00:31:46.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0290 (GCVE-0-1999-0290)
Vulnerability from cvelistv5
Published
2000-01-04 05:00
Modified
2024-08-01 16:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The WinGate telnet proxy allows remote attackers to cause a denial of service via a large number of connections to localhost.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0290 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:34:51.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0290"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The WinGate telnet proxy allows remote attackers to cause a denial of service via a large number of connections to localhost."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T07:11:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0290"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WinGate telnet proxy allows remote attackers to cause a denial of service via a large number of connections to localhost."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0290",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0290"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0290",
"datePublished": "2000-01-04T05:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:34:51.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13866 (GCVE-0-2020-13866)
Vulnerability from cvelistv5
Published
2020-06-08 15:58
Modified
2024-08-04 12:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/157958/WinGate-9.4.1.5998-Insecure-Permissions-Privilege-Escalation.html | x_refsource_MISC | |
| http://hyp3rlinx.altervista.org/advisories/WINGATE-INSECURE-PERMISSIONS-LOCAL-PRIVILEGE-ESCALATION.txt | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2020/Jun/11 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:32:14.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157958/WinGate-9.4.1.5998-Insecure-Permissions-Privilege-Escalation.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hyp3rlinx.altervista.org/advisories/WINGATE-INSECURE-PERMISSIONS-LOCAL-PRIVILEGE-ESCALATION.txt"
},
{
"name": "20200609 WinGate v9.4.1.5998 Insecure Permissions EoP CVE-2020-13866",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Jun/11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-09T18:06:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157958/WinGate-9.4.1.5998-Insecure-Permissions-Privilege-Escalation.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hyp3rlinx.altervista.org/advisories/WINGATE-INSECURE-PERMISSIONS-LOCAL-PRIVILEGE-ESCALATION.txt"
},
{
"name": "20200609 WinGate v9.4.1.5998 Insecure Permissions EoP CVE-2020-13866",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Jun/11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13866",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/157958/WinGate-9.4.1.5998-Insecure-Permissions-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157958/WinGate-9.4.1.5998-Insecure-Permissions-Privilege-Escalation.html"
},
{
"name": "http://hyp3rlinx.altervista.org/advisories/WINGATE-INSECURE-PERMISSIONS-LOCAL-PRIVILEGE-ESCALATION.txt",
"refsource": "MISC",
"url": "http://hyp3rlinx.altervista.org/advisories/WINGATE-INSECURE-PERMISSIONS-LOCAL-PRIVILEGE-ESCALATION.txt"
},
{
"name": "20200609 WinGate v9.4.1.5998 Insecure Permissions EoP CVE-2020-13866",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Jun/11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13866",
"datePublished": "2020-06-08T15:58:11",
"dateReserved": "2020-06-04T00:00:00",
"dateUpdated": "2024-08-04T12:32:14.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0802 (GCVE-0-2009-0802)
Vulnerability from cvelistv5
Published
2009-03-04 16:00
Modified
2024-09-16 23:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/33858 | vdb-entry, x_refsource_BID | |
| http://www.kb.cert.org/vuls/id/435052 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:48:52.285Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33858",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33858"
},
{
"name": "VU#435052",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/435052"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-03-04T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33858",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33858"
},
{
"name": "VU#435052",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/435052"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33858",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33858"
},
{
"name": "VU#435052",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/435052"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0802",
"datePublished": "2009-03-04T16:00:00Z",
"dateReserved": "2009-03-04T00:00:00Z",
"dateUpdated": "2024-09-16T23:05:39.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3606 (GCVE-0-2008-3606)
Vulnerability from cvelistv5
Published
2008-08-12 19:00
Modified
2024-08-07 09:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1137 and earlier allows remote authenticated users to cause a denial of service (resource exhaustion) or possibly execute arbitrary code via a long argument to the LIST command. NOTE: some of these details are obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/30606 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1020644 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/31442 | third-party-advisory, x_refsource_SECUNIA | |
| http://securityreason.com/securityalert/4146 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/archive/1/495264/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44370 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:18.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30606",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30606"
},
{
"name": "1020644",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020644"
},
{
"name": "31442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31442"
},
{
"name": "4146",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4146"
},
{
"name": "20080808 [AJECT] WinGate Email Server (IMAP) vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495264/100/0/threaded"
},
{
"name": "wingate-imapserver-bo(44370)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44370"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1137 and earlier allows remote authenticated users to cause a denial of service (resource exhaustion) or possibly execute arbitrary code via a long argument to the LIST command. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30606",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30606"
},
{
"name": "1020644",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020644"
},
{
"name": "31442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31442"
},
{
"name": "4146",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4146"
},
{
"name": "20080808 [AJECT] WinGate Email Server (IMAP) vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495264/100/0/threaded"
},
{
"name": "wingate-imapserver-bo(44370)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44370"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1137 and earlier allows remote authenticated users to cause a denial of service (resource exhaustion) or possibly execute arbitrary code via a long argument to the LIST command. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30606",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30606"
},
{
"name": "1020644",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020644"
},
{
"name": "31442",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31442"
},
{
"name": "4146",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4146"
},
{
"name": "20080808 [AJECT] WinGate Email Server (IMAP) vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495264/100/0/threaded"
},
{
"name": "wingate-imapserver-bo(44370)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44370"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3606",
"datePublished": "2008-08-12T19:00:00",
"dateReserved": "2008-08-12T00:00:00",
"dateUpdated": "2024-08-07T09:45:18.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2004-12-06 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files from the root directory via a URL request to the wingate-internal directory.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qbik:wingate:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40A0AE5B-B449-4494-828E-2FD7414F6FD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E328107F-F19D-427D-A88A-17DCB58A459C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.0_beta_2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D445EB5-ED3A-4476-9395-1EFD19A9B6A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files from the root directory via a URL request to the wingate-internal directory."
},
{
"lang": "es",
"value": "Wingate 5.2.3 build 901 y 6.0 beta 2 build 942, y otras versiones como la 5.0.5, permite a atacantes remotos leer ficheros arbitraios del directorio ra\u00edz mediante un petici\u00f3n URL al directorio wingate-internal."
}
],
"id": "CVE-2004-0577",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-06T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=108872788123695\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.idefense.com/application/poi/display?id=113"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16589"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=108872788123695\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.idefense.com/application/poi/display?id=113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16589"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-06 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files via leading slash (//) characters in a URL request to the wingate-internal directory.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qbik:wingate:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40A0AE5B-B449-4494-828E-2FD7414F6FD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E328107F-F19D-427D-A88A-17DCB58A459C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.0_beta_2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D445EB5-ED3A-4476-9395-1EFD19A9B6A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files via leading slash (//) characters in a URL request to the wingate-internal directory."
},
{
"lang": "es",
"value": "WinGate 5.2.3 build 901 y 6.0 beta 2 build 942, y otras versiones como 5.0.5 permiten a atacantes remotos leer ficheros arbitrarios mediante caract\u00e9res barra (//) en el principio de una petici\u00f3n URL al directorio wingate-internal."
}
],
"id": "CVE-2004-0578",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-06T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=108872788123695\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.idefense.com/application/poi/display?id=113"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16589"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=108872788123695\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.idefense.com/application/poi/display?id=113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16589"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-08-12 19:41
Modified
2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1137 and earlier allows remote authenticated users to cause a denial of service (resource exhaustion) or possibly execute arbitrary code via a long argument to the LIST command. NOTE: some of these details are obtained from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| qbik | wingate | * | |
| qbik | wingate | 2.0 | |
| qbik | wingate | 2.1 | |
| qbik | wingate | 3.0 | |
| qbik | wingate | 3.0.5 | |
| qbik | wingate | 4.0.1 | |
| qbik | wingate | 4.1 | |
| qbik | wingate | 4.1.0 | |
| qbik | wingate | 4.1.1 | |
| qbik | wingate | 4.2.0 | |
| qbik | wingate | 4.3.0 | |
| qbik | wingate | 4.3.0 | |
| qbik | wingate | 4.3.0 | |
| qbik | wingate | 4.4.0 | |
| qbik | wingate | 4.4.0 | |
| qbik | wingate | 4.4.1 | |
| qbik | wingate | 4.4.2 | |
| qbik | wingate | 4.5.0 | |
| qbik | wingate | 4.5.0 | |
| qbik | wingate | 4.5.1 | |
| qbik | wingate | 4.5.2 | |
| qbik | wingate | 5.0 | |
| qbik | wingate | 5.0.0 | |
| qbik | wingate | 5.0.1 | |
| qbik | wingate | 5.0.1.766 | |
| qbik | wingate | 5.0.5 | |
| qbik | wingate | 5.1 | |
| qbik | wingate | 5.2 | |
| qbik | wingate | 5.2.2 | |
| qbik | wingate | 5.2.3 | |
| qbik | wingate | 6.0 | |
| qbik | wingate | 6.0.0.984 | |
| qbik | wingate | 6.0.1.993 | |
| qbik | wingate | 6.0.1.995 | |
| qbik | wingate | 6.0.2.1000 | |
| qbik | wingate | 6.0.2.1001 | |
| qbik | wingate | 6.0.3.1005 | |
| qbik | wingate | 6.0.4.1025 | |
| qbik | wingate | 6.1.1.1077 | |
| qbik | wingate | 6.1.2.1094 | |
| qbik | wingate | 6.1.3.1096 | |
| qbik | wingate | 6.1.4 | |
| qbik | wingate | 6.2.1 | |
| qbik | wingate | 6.2.2.1137 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qbik:wingate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D592FD10-CC88-46CD-A726-EEC5191DE725",
"versionEndIncluding": "6.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B534B6E-B856-4E7F-A8E0-582637EE6B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA8E8CEE-E78A-46D5-B73D-C75CC8D088B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7BC4C8-FB7B-4A88-B97B-984D9AA8EA1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87714896-157D-4343-A94F-C8CCAD285EEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1D98E1-EBE1-4697-906F-E29C91D9074D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:4.1:beta_a:*:*:*:*:*:*",
"matchCriteriaId": "077D0405-5288-40A6-81A8-A8C4D924723D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE28B657-21EE-4F2E-8D1F-34D4E2642BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB73A60-062E-4A0B-B600-E1B4D613FE28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F0BB2B5-9E9A-42FC-87A4-0BAD1F39C9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA75B20B-3510-4CF9-A74B-BA21D5527EE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:4.3.0:beta_a:*:*:*:*:*:*",
"matchCriteriaId": "F54C4B69-397F-4322-A1AD-11AF2C7F5F67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:4.3.0:beta_b:*:*:*:*:*:*",
"matchCriteriaId": "076063FF-B1D2-471D-ACDD-0AF3BA328069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5B1AE22-2A99-4F4B-AAF6-6CBF35FEAEE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:4.4.0:beta_a:*:*:*:*:*:*",
"matchCriteriaId": "57726A67-AFC8-44E0-88D7-CA1C1DFA7C81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49897B9F-9A10-4034-B617-1B82405FB1E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D8109BA-2FFF-4642-AD15-FA11CD3088AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:4.5.0:beta_a:*:*:*:*:*:*",
"matchCriteriaId": "E56752EB-E1F5-4132-B769-33633E1B67FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:4.5.0:beta_b:*:*:*:*:*:*",
"matchCriteriaId": "49465E28-E5CD-4533-8A01-8BBE868F2AD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "59FE243C-16F2-4C6D-BF88-FFB6CD0F29BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE5A4F3B-B855-4980-93D9-347A49E68EE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0AFAF415-0182-4F5C-A053-266AB919572F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10D7B35B-3531-4372-A338-AD8106799769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3712DA96-DD76-49E3-BA79-30105725DBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:5.0.1.766:*:*:*:*:*:*:*",
"matchCriteriaId": "F912B8D6-B915-43A7-8462-F521D44DBD1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40A0AE5B-B449-4494-828E-2FD7414F6FD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "109DF494-0194-473B-AF79-185D41202A8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "39B77B55-54BB-43D5-A0E9-13F20F7544F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "36B7A6B3-8C54-4743-8C42-6B22E9AD719B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E328107F-F19D-427D-A88A-17DCB58A459C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3F0670C-C07E-4A84-952B-88200D2D9B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.0.0.984:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E6305C-F87B-4DF1-94D7-A0C63EE11E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.0.1.993:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE5BB2B-F9CB-4CDA-9CC9-C6EF5A1FF59F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.0.1.995:*:*:*:*:*:*:*",
"matchCriteriaId": "A480A0D4-D675-4078-8F30-CD3772818303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.0.2.1000:*:*:*:*:*:*:*",
"matchCriteriaId": "F9B03DEA-B780-404E-B940-82A7086062C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.0.2.1001:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CA5961-6BAC-4BE8-95A4-DBEB0596262E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.0.3.1005:*:*:*:*:*:*:*",
"matchCriteriaId": "ED850FD8-151C-49E7-9DF4-16B88341269B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.0.4.1025:*:*:*:*:*:*:*",
"matchCriteriaId": "A406438F-7E92-4579-A32B-3E3E1C4FF8E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.1.1.1077:*:*:*:*:*:*:*",
"matchCriteriaId": "9FDF759C-0AAE-4760-B829-13F055AD290C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.1.2.1094:*:*:*:*:*:*:*",
"matchCriteriaId": "982DE691-B50E-49B2-B4DF-EC518DFFCE75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.1.3.1096:*:*:*:*:*:*:*",
"matchCriteriaId": "7F8EFCA3-2453-4272-9692-22598676DFC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5F3CDE-1931-4BD9-9ABD-F07543DAC113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C1E8C06-4E84-4FB8-A513-D8ACC1146BEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.2.2.1137:*:*:*:*:*:*:*",
"matchCriteriaId": "0C45F717-AC74-4F81-947B-0745A7F1883F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1137 and earlier allows remote authenticated users to cause a denial of service (resource exhaustion) or possibly execute arbitrary code via a long argument to the LIST command. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en en el servicio IMAP en Qbik WinGate 6.2.2.1137 y anteriores, permiten a atacantes remotos autenticados provocar una denegaci\u00f3n de servicio (agotamiento de recursos) o posiblemente, ejecuci\u00f3n de c\u00f3digo arbitrario a trav\u00e9s de un argumento largo en el comando LIST. NOTA: algunos de estos detalles se han obtenido a partir de informaci\u00f3n de terceros."
}
],
"id": "CVE-2008-3606",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-08-12T19:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31442"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4146"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/495264/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/30606"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020644"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44370"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31442"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/495264/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/30606"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020644"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44370"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1998-02-21 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The WinGate telnet proxy allows remote attackers to cause a denial of service via a large number of connections to localhost.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qbik:wingate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E13C7802-12EA-41D8-B145-43621072999A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WinGate telnet proxy allows remote attackers to cause a denial of service via a large number of connections to localhost."
}
],
"id": "CVE-1999-0290",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1998-02-21T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0290"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1999-02-22 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Remote attackers can perform a denial of service in WinGate machines using a buffer overflow in the Winsock Redirector Service.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qbik:wingate:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7BC4C8-FB7B-4A88-B97B-984D9AA8EA1D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Remote attackers can perform a denial of service in WinGate machines using a buffer overflow in the Winsock Redirector Service."
}
],
"id": "CVE-1999-0441",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1999-02-22T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.eeye.com/html/Research/Advisories/AD02221999.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/509"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.eeye.com/html/Research/Advisories/AD02221999.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/509"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-07-10 19:05
Modified
2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in the IMAP server in WinGate 6.1.2.1094 and 6.1.3.1096, and possibly other versions before 6.1.4 Build 1099, allows remote authenticated users to read email of other users, or perform unauthorized operations on directories, via the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY, (6) APPEND, and (7) LIST commands.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qbik:wingate:6.1.2.1094:*:*:*:*:*:*:*",
"matchCriteriaId": "982DE691-B50E-49B2-B4DF-EC518DFFCE75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.1.3.1096:*:*:*:*:*:*:*",
"matchCriteriaId": "7F8EFCA3-2453-4272-9692-22598676DFC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the IMAP server in WinGate 6.1.2.1094 and 6.1.3.1096, and possibly other versions before 6.1.4 Build 1099, allows remote authenticated users to read email of other users, or perform unauthorized operations on directories, via the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY, (6) APPEND, and (7) LIST commands."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en el servidor IMAP en WinGate 6.1.2.1094 y 6.1.3.1096, y posiblemente otras versiones anteriores a 6.1.4 Build 1099, permite a usuarios autenticados leer el correo de otros usuarios, o realizar operaciones no autorizadas en los directorios, a trav\u00e9s de las ordenes 1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY, (6) APPEND, y (7) LIST."
}
],
"id": "CVE-2006-2917",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-07-10T19:05:00.000",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20707"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2006-48/advisory/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/bid/18908"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.vupen.com/english/advisories/2006/2730"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.wingate.com/download.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2006-48/advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/18908"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2730"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.wingate.com/download.php"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-06-09 10:02
Modified
2025-04-03 01:03
Severity ?
Summary
Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qbik:wingate:6.1.1.1077:*:*:*:*:*:*:*",
"matchCriteriaId": "9FDF759C-0AAE-4760-B829-13F055AD290C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request."
}
],
"id": "CVE-2006-2926",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-06-09T10:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046646.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046649.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20483"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016239"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/18312"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2182"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046646.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046649.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20483"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/18312"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26970"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-08 16:15
Modified
2024-11-21 05:02
Severity ?
Summary
WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qbik:wingate:9.4.1.5998:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C3B70E-196D-462E-B0C7-40283F10A113",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse."
},
{
"lang": "es",
"value": "WinGate versi\u00f3n v9.4.1.5998, presenta permisos no seguros para el directorio de instalaci\u00f3n, lo que permite a usuarios locales alcanzar privilegios mediante el reemplazo de un archivo ejecutable con uno de tipo caballo de Troya"
}
],
"id": "CVE-2020-13866",
"lastModified": "2024-11-21T05:02:02.277",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-08T16:15:10.117",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://hyp3rlinx.altervista.org/advisories/WINGATE-INSECURE-PERMISSIONS-LOCAL-PRIVILEGE-ESCALATION.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/157958/WinGate-9.4.1.5998-Insecure-Permissions-Privilege-Escalation.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Jun/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://hyp3rlinx.altervista.org/advisories/WINGATE-INSECURE-PERMISSIONS-LOCAL-PRIVILEGE-ESCALATION.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/157958/WinGate-9.4.1.5998-Insecure-Permissions-Privilege-Escalation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Jun/11"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:delegate:delegate:7.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9180C95-FF6F-4A0C-9DE0-DFF6D8387698",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:7.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "68FA1404-9FA2-4379-96BC-6D7970C0EAA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:7.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EABEE7AB-7C45-473E-9873-0423F2249F96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:7.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A1F66F57-6AEB-4E3C-B148-BC7D11E1EBEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:7.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "611AD3E5-708F-46BB-B21D-09598E1C4771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:7.9.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AD59AEEB-D524-4337-8962-B29863CBC889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F15245AF-B9B6-4D46-A901-A781FC0BAF24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:8.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C7A3E1EB-89A5-4326-8977-9B462065C39B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:8.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BD607D2-2B07-474B-A855-2C3319B42CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4B4665-84C4-4129-9916-ABAC61B81FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4131A4A5-5D67-4522-9A6E-E708815B5B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8C30DD0-C957-44BA-B44C-7B424E664B52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:8.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2E24A5-A864-4F42-A053-2FDA9D09A4B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:8.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0993A56D-3A68-464A-B580-BE2EC3846F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:8.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF6186E-90D1-4D22-A469-0E955D5F1EF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delegate:delegate:8.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7323E750-C596-46FC-AA85-9271CC9C2CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F7EA693-9873-4201-B66D-D0AC08E7F560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "022F8E8E-F6A1-4782-82D0-686E6FADCF44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E269F0-8CFD-45DB-AF82-F9F57EDD0D1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "752CC26D-33D2-43F1-A43B-E101553895C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "317134CF-981A-44CC-B068-BA762AED5EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20BAB657-CAB8-4473-9EE5-5F725F2EB1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84D1387B-91E2-4AC8-B387-B50F4D7DFDC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "19028501-E538-4F36-8DF7-3D2A76D86895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F7173317-9F5E-4F80-A957-02084B8DC8C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "297935D9-E108-4DB1-B4C8-2AC43DB6EA04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "770BBF88-63D2-4AD6-B28F-5664DFFD746E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "45B16588-35CA-4640-8FA8-BC63D91C7416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA35F28-CAA5-4C03-ABB8-4647537CC8E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9DAC824F-2031-4427-BF38-C32A7644D2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7884CCA6-2031-41DB-860D-AF18047AF617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dnrd:dnrd:2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A906D87C-5557-4FC0-BBF3-7169EF35DEAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:don_moore:mydns:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CC34DC23-117A-403E-9C87-79B1C512A5DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:don_moore:mydns:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE559DF-3874-42E7-BB5B-8968E52D7A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:don_moore:mydns:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "11068A01-20FB-4039-8919-85CF93F0FF2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:don_moore:mydns:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9435E392-AE02-48A8-9A2D-3D1593DA3DC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:don_moore:mydns:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B3D730-15C0-494A-A0B6-231C9F370A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:maradns:maradns:0.5.28:*:*:*:*:*:*:*",
"matchCriteriaId": "A917E7C9-BC1A-4D62-9A89-9D73A748D926",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:maradns:maradns:0.5.29:*:*:*:*:*:*:*",
"matchCriteriaId": "E0A01622-5254-4B3B-9412-771BE7400FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:maradns:maradns:0.5.30:*:*:*:*:*:*:*",
"matchCriteriaId": "2A3A5A98-3544-4A95-8436-0DF013B22CD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:maradns:maradns:0.5.31:*:*:*:*:*:*:*",
"matchCriteriaId": "BECF00EC-A188-4B7F-BA51-3AAC3B4195B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:maradns:maradns:0.8.05:*:*:*:*:*:*:*",
"matchCriteriaId": "AD2370B5-681D-469F-B07C-B9212A975C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pliant:pliant_dns_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA13B142-71F9-475E-A28A-DDE94BE0E7FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:posadis:posadis:0.50.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1930E3DE-67BE-41F2-B8E3-BA8E18762C91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:posadis:posadis:0.50.5:*:*:*:*:*:*:*",
"matchCriteriaId": "17C7DD08-C349-4687-8FAF-CCD211A9C166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:posadis:posadis:0.50.6:*:*:*:*:*:*:*",
"matchCriteriaId": "981611C8-B957-428B-9500-37C60AE0E7E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:posadis:posadis:0.50.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D34782A9-4CCB-45AD-BA23-EE98EE218B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:posadis:posadis:0.50.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1A9D2517-4EAF-4DB9-B0EE-51F65671D45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:posadis:posadis:0.50.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0FA40391-39D5-4CB7-BB8E-048C4ECBC3C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:posadis:posadis:0.60.0:*:*:*:*:*:*:*",
"matchCriteriaId": "135BFFE3-FF18-4462-9D19-2DF986E947DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:posadis:posadis:0.60.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD907CE8-E0CD-46AA-A9E4-3D0FA3939DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:posadis:posadis:m5pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "530D1254-DC0A-4A7C-9520-D0F45B9AF278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:posadis:posadis:m5pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C3BF047-0339-4064-9B3B-68E96F1AB1B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7BC4C8-FB7B-4A88-B97B-984D9AA8EA1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1D98E1-EBE1-4697-906F-E29C91D9074D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:4.1_beta_a:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB1D7C0-E484-4441-AA68-FBA5A3309547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3F0670C-C07E-4A84-952B-88200D2D9B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.0.1_build_993:*:*:*:*:*:*:*",
"matchCriteriaId": "82CD8E2B-37BF-4989-ABF3-9EC8E6F1C079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.0.1_build_995:*:*:*:*:*:*:*",
"matchCriteriaId": "2CCFB397-9F5F-42F8-ABB3-9700F100D43D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:team_johnlong:raidendnsd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4967B8F-D25F-4B55-842E-0C7819EDA88A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37F0C4C8-E648-4486-BFE3-23333FCFF118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "56647964-82B3-4A7A-BE0D-C252654F8CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "C7B83A6F-1996-49B7-BA76-98B83548F289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "E021E51E-EA28-4E61-A08A-A590984A483E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "94ABCB8C-8EED-4635-BA54-735CA12A1F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "38C70CE1-0116-4C91-AB59-0C0D9F17099B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "44B1C47A-938B-4F9B-B4B5-88B8622DC965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "E890E332-7A3B-4B6A-91B3-7FEFAF5DBA6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "4830EAF7-9504-4090-8DDD-6CC6658ABFD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "7E26AD96-7BA4-4722-B059-6444FFC2E6D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "E06E7446-34EC-428A-82EE-2E24F2908C97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2100_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "8D4996E0-097B-4B79-8A1C-CE55F94B8D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0200586F-7F71-47F6-8D2E-F06E1BF418E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "F5764F35-7F21-40D0-A3FF-8EEF97F7931D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "6BE3CF46-91CC-4AFD-B178-48AE90E0E339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "D79A54BC-789D-4ED2-B3BC-C42959D7FFF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "79A8A437-5AF7-448E-9AF8-D8FBA481CFE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5663D3D1-5962-4C43-B689-089EAFE25FD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2110_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "34EDC537-0EFF-46EA-8368-A690480E5D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "39798220-4621-4C5D-B6A7-6639D02E0C07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "05EF66A4-F7BB-40C3-9CBF-5DB8715780C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCA7249-7F8F-4A2D-B98F-6AA0ECF17D7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "0E942419-3272-4267-AF23-4B6071D71277",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "3848A541-4F14-4E3B-99EE-B7C5A886C541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "34E980E1-62B8-4E37-AE9D-DFE033053620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2120_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "730E6E09-C0C8-4F8A-BE07-BFED00FC1235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "81100E37-1B99-4317-829F-B4A2278FA323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2400_video_server:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "10321B16-1675-4609-8267-3971A9062AF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2401_video_server:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "35F0E1BA-D05F-41CB-ACD9-035A6DF4735E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD73320-38DA-4606-9CEA-F0C9D5A3215F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "B8374F1E-06BC-4A9E-8666-336AACC1F5BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA3F905-8AC0-42A3-AC63-BA61AE6619AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "46E11270-65DE-4C07-A103-66217691069E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "7B93D2AD-FA36-4A6C-AC52-6FD0F3AE6A80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.34:*:*:*:*:*:*:*",
"matchCriteriaId": "D109CF38-0F5F-4A20-8A4A-DBE14D7826CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "EA6E6FEA-9D2E-4ACD-8C3A-98DA4EB1C994",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2420_network_camera:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "10B4A828-33F4-4FB7-9637-3C761A73AEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:axis:2460_network_dvr:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "41CB517F-BDC9-40D0-AB0D-2DFC7669E8F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men \u0026 Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet."
}
],
"id": "CVE-2004-0789",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/13145"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1012157"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.posadis.org/advisories/pos_adv_006.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11642"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17997"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/13145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1012157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.posadis.org/advisories/pos_adv_006.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17997"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-08-14 18:17
Modified
2025-04-09 00:30
Severity ?
Summary
Format string vulnerability in the SMTP server component in Qbik WinGate 5.x and 6.x before 6.2.2 allows remote attackers to cause a denial of service (service crash) via format string specifiers in certain unexpected commands, which trigger a crash during error logging.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qbik:wingate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E07CB259-6976-4537-8EA4-5CC19B985725",
"versionEndIncluding": "6.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0AFAF415-0182-4F5C-A053-266AB919572F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3F0670C-C07E-4A84-952B-88200D2D9B14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the SMTP server component in Qbik WinGate 5.x and 6.x before 6.2.2 allows remote attackers to cause a denial of service (service crash) via format string specifiers in certain unexpected commands, which trigger a crash during error logging."
},
{
"lang": "es",
"value": "Vulnerabilidad de cadena de formato en el componente servidor SMTP de Qbik WinGate 5.x y 6.x anterior a 6.2.2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del servicio) mediante especificadores de cadena de formato en determinados comandos inesperados, lo cual dispara una ca\u00edda durante el registro de errores."
}
],
"id": "CVE-2007-4335",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-08-14T18:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26412"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3001"
},
{
"source": "cve@mitre.org",
"url": "http://www.harmonysecurity.com/HS-A007.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/476011/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25272"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/25303"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2859"
},
{
"source": "cve@mitre.org",
"url": "http://www.wingate.com/news.php?id=50"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.harmonysecurity.com/HS-A007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/476011/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25272"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/25303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2859"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.wingate.com/news.php?id=50"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35950"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-12-11 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in the logfile service of Wingate 4.1 Beta A and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack via an HTTP GET request that uses encoded characters in the URL.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qbik:wingate:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA8E8CEE-E78A-46D5-B73D-C75CC8D088B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7BC4C8-FB7B-4A88-B97B-984D9AA8EA1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1D98E1-EBE1-4697-906F-E29C91D9074D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:4.1_beta_a:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB1D7C0-E484-4441-AA68-FBA5A3309547",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the logfile service of Wingate 4.1 Beta A and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack via an HTTP GET request that uses encoded characters in the URL."
}
],
"id": "CVE-2000-1048",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-12-11T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0245.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0245.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5373"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-11-28 23:28
Modified
2025-04-09 00:30
Severity ?
Summary
Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a DNS request with a self-referencing compressed name pointer, which triggers an infinite loop.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qbik:wingate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F66135DC-C6D1-426D-8E15-4B3C1D57377E",
"versionEndIncluding": "6.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a DNS request with a self-referencing compressed name pointer, which triggers an infinite loop."
},
{
"lang": "es",
"value": "Qbik WinGate 6.1.4 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU) mediante una petici\u00f3n DNS con un puntero auto-referenciado a un nombre comprimido, lo cual dispara un bucle infinito."
}
],
"id": "CVE-2006-4518",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-11-28T23:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://forums.qbik.com/viewtopic.php?t=4215"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=444"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23029"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1017284"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/21295"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4711"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://forums.qbik.com/viewtopic.php?t=4215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1017284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/21295"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30491"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1999-02-01 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The WinGate proxy is installed without a password, which allows remote attackers to redirect connections without authentication.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qbik:wingate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E13C7802-12EA-41D8-B145-43621072999A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WinGate proxy is installed without a password, which allows remote attackers to redirect connections without authentication."
}
],
"id": "CVE-1999-0291",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1999-02-01T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "https://www.cve.org/CVERecord?id=CVE-1999-0291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.cve.org/CVERecord?id=CVE-1999-0291"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-03-04 16:30
Modified
2025-04-09 00:30
Severity ?
Summary
Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.kb.cert.org/vuls/id/435052 | Third Party Advisory, US Government Resource | |
| cve@mitre.org | http://www.securityfocus.com/bid/33858 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/435052 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/33858 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| qbik | wingate | 6.0.0 | |
| qbik | wingate | 6.0.1_build_993 | |
| qbik | wingate | 6.0.1_build_995 | |
| qbik | wingate | 6.0.2_build_1000 | |
| qbik | wingate | 6.0.2_build_1001 | |
| qbik | wingate | 6.0.3_build_1005 | |
| qbik | wingate | 6.1 | |
| qbik | wingate | 6.1.1.1077 | |
| qbik | wingate | 6.1.2 | |
| qbik | wingate | 6.1.3 | |
| qbik | wingate | 6.1.4 | |
| qbik | wingate | 6.2 | |
| qbik | wingate | 6.2.1 | |
| qbik | wingate | 6.2.2 | |
| qbik | wingate | 6.5.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qbik:wingate:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C6F7F7D9-7886-4C2E-8A79-3EAC9DF63474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.0.1_build_993:*:*:*:*:*:*:*",
"matchCriteriaId": "82CD8E2B-37BF-4989-ABF3-9EC8E6F1C079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.0.1_build_995:*:*:*:*:*:*:*",
"matchCriteriaId": "2CCFB397-9F5F-42F8-ABB3-9700F100D43D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.0.2_build_1000:*:*:*:*:*:*:*",
"matchCriteriaId": "00348CE9-7290-42D8-B727-47B06D98D8AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.0.2_build_1001:*:*:*:*:*:*:*",
"matchCriteriaId": "78495313-FD35-44C9-92B9-65EFAE0F9D42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.0.3_build_1005:*:*:*:*:*:*:*",
"matchCriteriaId": "60B349F8-DE32-47AF-8110-8509ACB7164E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5EC35C61-DF0B-4E37-AB6E-8316BB6D9A25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.1.1.1077:*:*:*:*:*:*:*",
"matchCriteriaId": "9FDF759C-0AAE-4760-B829-13F055AD290C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05317F4B-C1D7-435A-BEB3-AD4DF60A05C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0013128-2173-426A-9E41-1D5DB642BF66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5F3CDE-1931-4BD9-9ABD-F07543DAC113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB5F0B2-42F0-4FDE-901F-6597E8C67986",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C1E8C06-4E84-4FB8-A513-D8ACC1146BEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "87271BFA-34F6-41D6-A92B-F8E1EF49AC80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:qbik:wingate:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A41232E5-3586-4CED-8070-7C004C06E62E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header."
},
{
"lang": "es",
"value": "Qbik WinGate, cuando el modo de intercepci\u00f3n transparente esta activado, utiliza una cabecera de Host HTTP para determinar un punto final remoto, lo que permite a atacantes remotos evitar el control de acceso para Flash, Java, Silverlight y probablemente otras tecnolog\u00edas, y posiblemente comunicar con sitios restringidos de redes internas a trav\u00e9s de una pagina web manipulada que causa que el cliente env\u00ede peticiones HTTP con una cabecera host modificada."
}
],
"id": "CVE-2009-0802",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-03-04T16:30:00.203",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/435052"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/33858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/435052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/33858"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-202006-0499
Vulnerability from variot
WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse. WinGate There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Qbik IP Management WinGate is an integrated multi-protocol proxy server for New Zealand Qbik IP Management. The product also supports functions such as e-mail servers and Internet gateways.
Qbik IP Management WinGate version 9.4.1.5998 has a security vulnerability, which is caused by the program assigning unsafe permissions to the installation directory. Local attackers can use this vulnerability to gain permission
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-0499",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wingate",
"scope": "eq",
"trust": 1.8,
"vendor": "qbik",
"version": "9.4.1.5998"
},
{
"model": "ip management wingate",
"scope": "eq",
"trust": 0.6,
"vendor": "qbik",
"version": "9.4.1.5998"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006303"
},
{
"db": "NVD",
"id": "CVE-2020-13866"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:qbik:wingate",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006303"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "hyp3rlinx",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-568"
}
],
"trust": 0.6
},
"cve": "CVE-2020-13866",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-13866",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-006303",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-36616",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-13866",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006303",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-13866",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006303",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-36616",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-568",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006303"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-568"
},
{
"db": "NVD",
"id": "CVE-2020-13866"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse. WinGate There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Qbik IP Management WinGate is an integrated multi-protocol proxy server for New Zealand Qbik IP Management. The product also supports functions such as e-mail servers and Internet gateways. \n\r\n\r\nQbik IP Management WinGate version 9.4.1.5998 has a security vulnerability, which is caused by the program assigning unsafe permissions to the installation directory. Local attackers can use this vulnerability to gain permission",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-13866"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006303"
},
{
"db": "CNVD",
"id": "CNVD-2020-36616"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "PACKETSTORM",
"id": "157958",
"trust": 3.0
},
{
"db": "NVD",
"id": "CVE-2020-13866",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006303",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-36616",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47335",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "48573",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-568",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006303"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-568"
},
{
"db": "NVD",
"id": "CVE-2020-13866"
}
]
},
"id": "VAR-202006-0499",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36616"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36616"
}
]
},
"last_update_date": "2024-11-23T23:04:19.751000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.wingate.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006303"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.0
},
{
"problemtype": "CWE-276",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006303"
},
{
"db": "NVD",
"id": "CVE-2020-13866"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "http://packetstormsecurity.com/files/157958/wingate-9.4.1.5998-insecure-permissions-privilege-escalation.html"
},
{
"trust": 1.6,
"url": "http://seclists.org/fulldisclosure/2020/jun/11"
},
{
"trust": 1.6,
"url": "http://hyp3rlinx.altervista.org/advisories/wingate-insecure-permissions-local-privilege-escalation.txt"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13866"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13866"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/48573"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47335"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006303"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-568"
},
{
"db": "NVD",
"id": "CVE-2020-13866"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-36616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006303"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-568"
},
{
"db": "NVD",
"id": "CVE-2020-13866"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-36616"
},
{
"date": "2020-07-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006303"
},
{
"date": "2020-06-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-568"
},
{
"date": "2020-06-08T16:15:10.117000",
"db": "NVD",
"id": "CVE-2020-13866"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-36616"
},
{
"date": "2020-07-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006303"
},
{
"date": "2020-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-568"
},
{
"date": "2024-11-21T05:02:02.277000",
"db": "NVD",
"id": "CVE-2020-13866"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-568"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WinGate Vulnerability regarding improper default permissions in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006303"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-568"
}
],
"trust": 0.6
}
}
var-200903-0332
Vulnerability from variot
Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. HTTP of Host A transparent proxy server that relays the connection destination based on the header value may be exploited by an attacker. HTTP of Host Header is RFC 2616 Multiple web sites on a web server IP Used to enable address sharing. The transparent proxy server relays the network connection regardless of the browser settings. Some transparent proxy servers Host Some of them determine the connection destination based on the header value. Flash And Java Browser plug-ins such as these restrict communication by dynamic content executed on the browser to only the site or domain where the content was placed. Attackers use dynamic content, HTTP Host You can craft header values. The proxy server Host When making a decision based on the value of the header, the attacker Host By crafting the header, you can connect to any site. Attackers conduct attacks by directing users to sites with malicious dynamic content or by embedding malicious dynamic content in sites that they believe can be trusted. This issue only affects transparent proxy servers. In addition, browser Same Origin Policy Authentication information by attackers (cookie Such ) Reuse of is considered impossible.An attacker could access websites and resources that can be reached from the proxy. These sites may also include internal resources located on the intranet. Attackers may exploit this issue to obtain sensitive information such as internal intranet webpages. Additional attacks may also be possible.
SOLUTION: As a workaround, the vendor recommends to "configure Guardian to block their internal web servers without passwords using hostname and IPaddress". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201309-22
http://security.gentoo.org/
Severity: Normal Title: Squid: Multiple vulnerabilities Date: September 27, 2013 Bugs: #261208, #389133, #447596, #452584, #461492, #476562, #476960 ID: 201309-22
Synopsis
Multiple vulnerabilities have been found in Squid, possibly resulting in remote Denial of Service.
Background
Squid is a full-featured web proxy cache.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-proxy/squid < 3.2.13 >= 3.2.13
Description
Multiple vulnerabilities have been discovered in Squid. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker may be able to bypass ACL restrictions or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Squid users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-proxy/squid-3.2.13"
References
[ 1 ] CVE-2009-0801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0801 [ 2 ] CVE-2011-4096 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4096 [ 3 ] CVE-2012-5643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5643 [ 4 ] CVE-2013-0189 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0189 [ 5 ] CVE-2013-1839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1839 [ 6 ] CVE-2013-4115 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4115 [ 7 ] CVE-2013-4123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4123
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201309-22.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------
Did you know? Our assessment and impact rating along with detailed information such as exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list?
Click here to learn more about our commercial solutions: http://secunia.com/advisories/business_solutions/
Click here to trial our solutions: http://secunia.com/advisories/try_vi/
TITLE: Ziproxy HTTP "Host:" Header Security Bypass
SECUNIA ADVISORY ID: SA34018
VERIFY ADVISORY: http://secunia.com/advisories/34018/
DESCRIPTION: A security issue has been reported in Ziproxy, which can be exploited by malicious people to bypass certain security restrictions. This can be exploited to e.g. access restricted websites or bypass a browser's security context protection mechanism by sending HTTP requests with a forged HTTP "Host:" header. via active content).
The security issue is reported in version 2.6.0. Other versions may also be affected.
SOLUTION: The vendor recommends to use a proxy server with better security capabilities between clients and Ziproxy. Use a firewall to restrict access to untrusted websites.
PROVIDED AND/OR DISCOVERED BY: US-CERT credits Robert Auger, PayPal Information Risk Management team.
ORIGINAL ADVISORY: US-CERT VU#435052: http://www.kb.cert.org/vuls/id/435052
http://www.kb.cert.org/vuls/id/MAPG-7N9GN8
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
SOLUTION: The vendor has published workarounds
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200903-0332",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web proxy cache",
"scope": "eq",
"trust": 1.9,
"vendor": "squid",
"version": "2.7"
},
{
"model": "web proxy cache",
"scope": "eq",
"trust": 1.6,
"vendor": "squid",
"version": "3.0_stable2"
},
{
"model": "web proxy cache",
"scope": "eq",
"trust": 1.6,
"vendor": "squid",
"version": "2.7.stable5"
},
{
"model": "web proxy cache",
"scope": "eq",
"trust": 1.6,
"vendor": "squid",
"version": "3.0_stable1"
},
{
"model": "web proxy cache",
"scope": "eq",
"trust": 1.6,
"vendor": "squid",
"version": "3.0_stable5"
},
{
"model": "web proxy cache",
"scope": "eq",
"trust": 1.6,
"vendor": "squid",
"version": "3.0_stable3"
},
{
"model": "web proxy cache",
"scope": "eq",
"trust": 1.6,
"vendor": "squid",
"version": "3.0_stable13"
},
{
"model": "web proxy cache",
"scope": "eq",
"trust": 1.6,
"vendor": "squid",
"version": "3.0_stable12"
},
{
"model": "web proxy cache",
"scope": "eq",
"trust": 1.6,
"vendor": "squid",
"version": "2.7.stable6"
},
{
"model": "web proxy cache",
"scope": "eq",
"trust": 1.6,
"vendor": "squid",
"version": "3.0_stable4"
},
{
"model": "web proxy cache",
"scope": "eq",
"trust": 1.3,
"vendor": "squid",
"version": "3.0"
},
{
"model": "web proxy cache",
"scope": "eq",
"trust": 1.0,
"vendor": "squid",
"version": "3.0_stable6"
},
{
"model": "web proxy cache",
"scope": "eq",
"trust": 1.0,
"vendor": "squid",
"version": "3.0_pre3"
},
{
"model": "web proxy cache",
"scope": "eq",
"trust": 1.0,
"vendor": "squid",
"version": "3.0_pre1"
},
{
"model": "web proxy cache",
"scope": "eq",
"trust": 1.0,
"vendor": "squid",
"version": "3.0_stable7"
},
{
"model": "web proxy cache",
"scope": "eq",
"trust": 1.0,
"vendor": "squid",
"version": "3.0_pre2"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "astaro",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "blue coat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "internet initiative",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "qbik new zealand",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "smoothwall",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "squid",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ziproxy",
"version": null
},
{
"model": "squid",
"scope": "eq",
"trust": 0.8,
"vendor": "squid cache",
"version": "1.x to 3.1"
},
{
"model": "squid",
"scope": "eq",
"trust": 0.8,
"vendor": "squid cache",
"version": "3.2 to 3.2.0.10"
},
{
"model": "seil/b1",
"scope": "eq",
"trust": 0.8,
"vendor": "internet initiative",
"version": "1.00 ~ 2.20"
},
{
"model": "seil/plus",
"scope": "eq",
"trust": 0.8,
"vendor": "internet initiative",
"version": "1.83 ~ 2.00"
},
{
"model": "seil/turbo",
"scope": "eq",
"trust": 0.8,
"vendor": "internet initiative",
"version": "1.83 ~ 2.00"
},
{
"model": "seil/x1,x2",
"scope": "eq",
"trust": 0.8,
"vendor": "internet initiative",
"version": "1.00 ~ 2.20"
},
{
"model": "ziproxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ziproxy",
"version": "2.6"
},
{
"model": "mac orchard dansguardian",
"scope": "eq",
"trust": 0.3,
"vendor": "the",
"version": "0"
},
{
"model": "web proxy cache pre3",
"scope": "eq",
"trust": 0.3,
"vendor": "squid",
"version": "3.0"
},
{
"model": "web proxy cache pre2",
"scope": "eq",
"trust": 0.3,
"vendor": "squid",
"version": "3.0"
},
{
"model": "web proxy cache pre1",
"scope": "eq",
"trust": 0.3,
"vendor": "squid",
"version": "3.0"
},
{
"model": "web proxy cache 3.0.stable7",
"scope": null,
"trust": 0.3,
"vendor": "squid",
"version": null
},
{
"model": "web proxy cache 3.0.stable6",
"scope": null,
"trust": 0.3,
"vendor": "squid",
"version": null
},
{
"model": "web proxy cache 3.0.stable5",
"scope": null,
"trust": 0.3,
"vendor": "squid",
"version": null
},
{
"model": "web proxy cache 3.0.stable4",
"scope": null,
"trust": 0.3,
"vendor": "squid",
"version": null
},
{
"model": "web proxy cache 3.0.stable3",
"scope": null,
"trust": 0.3,
"vendor": "squid",
"version": null
},
{
"model": "web proxy cache 3.0.stable2",
"scope": null,
"trust": 0.3,
"vendor": "squid",
"version": null
},
{
"model": "web proxy cache 3.0.stable13",
"scope": null,
"trust": 0.3,
"vendor": "squid",
"version": null
},
{
"model": "web proxy cache 3.0.stable12",
"scope": null,
"trust": 0.3,
"vendor": "squid",
"version": null
},
{
"model": "web proxy cache 3.0.stable1",
"scope": null,
"trust": 0.3,
"vendor": "squid",
"version": null
},
{
"model": "web proxy cache 2.7.stable6",
"scope": null,
"trust": 0.3,
"vendor": "squid",
"version": null
},
{
"model": "web proxy cache 2.7.stable5",
"scope": null,
"trust": 0.3,
"vendor": "squid",
"version": null
},
{
"model": "smoothguardian",
"scope": "eq",
"trust": 0.3,
"vendor": "smoothwall",
"version": "2008"
},
{
"model": "wingate",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.5.2"
},
{
"model": "wingate",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.2.2"
},
{
"model": "wingate",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.2.1"
},
{
"model": "wingate",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.1.4.1099"
},
{
"model": "wingate",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.1.3.1096"
},
{
"model": "wingate",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.1.2.1094"
},
{
"model": "wingate",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.1.1.1077"
},
{
"model": "wingate build",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.0.31005"
},
{
"model": "wingate build",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.0.21001"
},
{
"model": "wingate build",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.0.21000"
},
{
"model": "wingate build",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.0.1995"
},
{
"model": "wingate build",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.0.1993"
},
{
"model": "wingate",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.0.0"
},
{
"model": "wingate",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.2"
},
{
"model": "wingate",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.1"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "utm",
"scope": "eq",
"trust": 0.3,
"vendor": "funkwerk",
"version": "0"
},
{
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "0"
},
{
"model": "bloxx",
"scope": "eq",
"trust": 0.3,
"vendor": "bloxx",
"version": "0"
},
{
"model": "security gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "7.404"
},
{
"model": "security gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "7.402"
},
{
"model": "security gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "7.302"
},
{
"model": "security gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "7.301"
},
{
"model": "security gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "7.3"
},
{
"model": "security gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "7.006"
},
{
"model": "security gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "7.005"
},
{
"model": "security gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "7"
},
{
"model": "ziproxy",
"scope": "ne",
"trust": 0.3,
"vendor": "ziproxy",
"version": "2.7"
},
{
"model": "mac orchard dansguardian",
"scope": "ne",
"trust": 0.3,
"vendor": "the",
"version": "2.10.1.1"
},
{
"model": "utm",
"scope": "ne",
"trust": 0.3,
"vendor": "funkwerk",
"version": "1.95.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#435052"
},
{
"db": "BID",
"id": "33858"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001094"
},
{
"db": "CNNVD",
"id": "CNNVD-200903-067"
},
{
"db": "NVD",
"id": "CVE-2009-0801"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:squid-cache:squid",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001094"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Robert Auger from the PayPal Information Risk Management team",
"sources": [
{
"db": "BID",
"id": "33858"
},
{
"db": "CNNVD",
"id": "CNNVD-200903-067"
}
],
"trust": 0.9
},
"cve": "CVE-2009-0801",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CVE-2009-0801",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-0801",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#435052",
"trust": 0.8,
"value": "3.54"
},
{
"author": "NVD",
"id": "CVE-2009-0801",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200903-067",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2009-0801",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#435052"
},
{
"db": "VULMON",
"id": "CVE-2009-0801"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001094"
},
{
"db": "CNNVD",
"id": "CNNVD-200903-067"
},
{
"db": "NVD",
"id": "CVE-2009-0801"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. HTTP of Host A transparent proxy server that relays the connection destination based on the header value may be exploited by an attacker. HTTP of Host Header is RFC 2616 Multiple web sites on a web server IP Used to enable address sharing. The transparent proxy server relays the network connection regardless of the browser settings. Some transparent proxy servers Host Some of them determine the connection destination based on the header value. Flash And Java Browser plug-ins such as these restrict communication by dynamic content executed on the browser to only the site or domain where the content was placed. Attackers use dynamic content, HTTP Host You can craft header values. The proxy server Host When making a decision based on the value of the header, the attacker Host By crafting the header, you can connect to any site. Attackers conduct attacks by directing users to sites with malicious dynamic content or by embedding malicious dynamic content in sites that they believe can be trusted. This issue only affects transparent proxy servers. In addition, browser Same Origin Policy Authentication information by attackers (cookie Such ) Reuse of is considered impossible.An attacker could access websites and resources that can be reached from the proxy. These sites may also include internal resources located on the intranet. \nAttackers may exploit this issue to obtain sensitive information such as internal intranet webpages. Additional attacks may also be possible. \n\nSOLUTION:\nAs a workaround, the vendor recommends to \"configure Guardian to\nblock their internal web servers without passwords using hostname and\nIPaddress\". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201309-22\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Squid: Multiple vulnerabilities\n Date: September 27, 2013\n Bugs: #261208, #389133, #447596, #452584, #461492, #476562, #476960\n ID: 201309-22\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Squid, possibly resulting\nin remote Denial of Service. \n\nBackground\n==========\n\nSquid is a full-featured web proxy cache. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-proxy/squid \u003c 3.2.13 \u003e= 3.2.13\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Squid. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker may be able to bypass ACL restrictions or cause a\nDenial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Squid users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-proxy/squid-3.2.13\"\n\nReferences\n==========\n\n[ 1 ] CVE-2009-0801\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0801\n[ 2 ] CVE-2011-4096\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4096\n[ 3 ] CVE-2012-5643\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5643\n[ 4 ] CVE-2013-0189\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0189\n[ 5 ] CVE-2013-1839\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1839\n[ 6 ] CVE-2013-4115\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4115\n[ 7 ] CVE-2013-4123\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4123\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201309-22.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nDid you know? Our assessment and impact rating along with detailed\ninformation such as exploit code availability, or if an updated patch\nis released by the vendor, is not part of this mailing-list?\n \nClick here to learn more about our commercial solutions:\nhttp://secunia.com/advisories/business_solutions/\n \nClick here to trial our solutions:\nhttp://secunia.com/advisories/try_vi/\n\n----------------------------------------------------------------------\n\nTITLE:\nZiproxy HTTP \"Host:\" Header Security Bypass\n\nSECUNIA ADVISORY ID:\nSA34018\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/34018/\n\nDESCRIPTION:\nA security issue has been reported in Ziproxy, which can be exploited\nby malicious people to bypass certain security restrictions. This can be\nexploited to e.g. access restricted websites or bypass a browser\u0027s\nsecurity context protection mechanism by sending HTTP requests with a\nforged HTTP \"Host:\" header. via active content). \n\nThe security issue is reported in version 2.6.0. Other versions may\nalso be affected. \n\nSOLUTION:\nThe vendor recommends to use a proxy server with better security\ncapabilities between clients and Ziproxy. Use a firewall to restrict\naccess to untrusted websites. \n\nPROVIDED AND/OR DISCOVERED BY:\nUS-CERT credits Robert Auger, PayPal Information Risk Management\nteam. \n\nORIGINAL ADVISORY:\nUS-CERT VU#435052:\nhttp://www.kb.cert.org/vuls/id/435052\n\nhttp://www.kb.cert.org/vuls/id/MAPG-7N9GN8\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nSOLUTION:\nThe vendor has published workarounds",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0801"
},
{
"db": "CERT/CC",
"id": "VU#435052"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001094"
},
{
"db": "BID",
"id": "33858"
},
{
"db": "VULMON",
"id": "CVE-2009-0801"
},
{
"db": "PACKETSTORM",
"id": "75119"
},
{
"db": "PACKETSTORM",
"id": "123423"
},
{
"db": "PACKETSTORM",
"id": "75100"
},
{
"db": "PACKETSTORM",
"id": "75126"
},
{
"db": "PACKETSTORM",
"id": "75099"
},
{
"db": "PACKETSTORM",
"id": "75373"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#435052",
"trust": 4.1
},
{
"db": "NVD",
"id": "CVE-2009-0801",
"trust": 2.9
},
{
"db": "BID",
"id": "33858",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "34019",
"trust": 1.0
},
{
"db": "VUPEN",
"id": "ADV-2009-0500",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001094",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200903-067",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "34014",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "34020",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "34018",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "34064",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2009-0801",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "75119",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "123423",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "75100",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "75126",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "75099",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "75373",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#435052"
},
{
"db": "VULMON",
"id": "CVE-2009-0801"
},
{
"db": "BID",
"id": "33858"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001094"
},
{
"db": "PACKETSTORM",
"id": "75119"
},
{
"db": "PACKETSTORM",
"id": "123423"
},
{
"db": "PACKETSTORM",
"id": "75100"
},
{
"db": "PACKETSTORM",
"id": "75126"
},
{
"db": "PACKETSTORM",
"id": "75099"
},
{
"db": "PACKETSTORM",
"id": "75373"
},
{
"db": "CNNVD",
"id": "CNNVD-200903-067"
},
{
"db": "NVD",
"id": "CVE-2009-0801"
}
]
},
"id": "VAR-200903-0332",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19642857
},
"last_update_date": "2024-11-23T21:30:33.036000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u900f\u904e\u578bHTTP\u30d7\u30ed\u30ad\u30b7\u30b5\u30fc\u30d0\u306b\u304a\u3051\u308b\u30cf\u30f3\u30c9\u30aa\u30d5\u6a5f\u80fd\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "http://www.seil.jp/seilseries/security/2009/04091698.php"
},
{
"title": "SQUID-2011:1",
"trust": 0.8,
"url": "http://www.squid-cache.org/Advisories/SQUID-2011_1.txt"
},
{
"title": "3.2.0.11",
"trust": 0.8,
"url": "http://www.squid-cache.org/Versions/v3/3.2/RELEASENOTES.html"
},
{
"title": "3.1.15",
"trust": 0.8,
"url": "http://www.squid-cache.org/Versions/v3/3.1/RELEASENOTES.html#ss1.1"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.squid-cache.org/"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2009-0801: HTTP Host Header Incorrect Relay Behavior Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f9283cbfd0cedb791a3109b7b4a06782"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/newtonjp/redsocks "
},
{
"title": "redsocks_for_mipsel",
"trust": 0.1,
"url": "https://github.com/SuzukiHonoka/redsocks_for_mipsel "
},
{
"title": "squid-in-a-can",
"trust": 0.1,
"url": "https://github.com/jpetazzo/squid-in-a-can "
},
{
"title": "docker-squid",
"trust": 0.1,
"url": "https://github.com/pires/docker-squid "
},
{
"title": "redsocks",
"trust": 0.1,
"url": "https://github.com/darkk/redsocks "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-0801"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001094"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001094"
},
{
"db": "NVD",
"id": "CVE-2009-0801"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.kb.cert.org/vuls/id/435052"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/33858"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/34019/"
},
{
"trust": 0.8,
"url": "http://www.thesecuritypractice.com/the_security_practice/transparentproxyabuse.pdf"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc2616.txt"
},
{
"trust": 0.8,
"url": "http://www.webappsec.org/lists/websecurity/archive/2008-06/msg00073.html"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/reading_room/securing_browser/"
},
{
"trust": 0.8,
"url": "http://kb.adobe.com/selfservice/viewcontent.do?externalid=tn_14213"
},
{
"trust": 0.8,
"url": "http://www.w3.org/protocols/rfc2616/rfc2616-sec9.html"
},
{
"trust": 0.8,
"url": "http://www.owasp.org/index.php/testing_for_http_methods_and_xst_(owasp-cm-008)#black_box_testing_and_example"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/w/index.php?title=list_of_tcp_and_udp_port_numbers\u0026oldid=266934839"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0801"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu435052/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0801"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/0500"
},
{
"trust": 0.5,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.5,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.5,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.5,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.5,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.4,
"url": "https://hypersonic.bluecoat.com/support/securityadvisories/proxysg_in_transparent_deployments"
},
{
"trust": 0.3,
"url": "http://www.cgisecurity.com/2009/07/more-products-identified-using-vulnerable-transparent-proxy-architecture.html"
},
{
"trust": 0.3,
"url": "http://www.smoothwall.net/products/smoothguardian2008/"
},
{
"trust": 0.3,
"url": "http://www.thesecuritypractice.com/the_security_practice/2009/03/socket-capable-browser-plugins-result-in-transparent-proxy-abuse.html"
},
{
"trust": 0.3,
"url": "http://www.squid-cache.org/"
},
{
"trust": 0.3,
"url": "http://www.wingate.com/"
},
{
"trust": 0.3,
"url": "http://ziproxy.sourceforge.net/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://github.com/newtonjp/redsocks"
},
{
"trust": 0.1,
"url": "https://github.com/suzukihonoka/redsocks_for_mipsel"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=45097"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/34014/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/mapg-7m6sm7"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1839"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0189"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4115"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4123"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4096"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5643"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201309-22.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0189"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1839"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4123"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0801"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4115"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0801"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4096"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-5643"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/34020/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/34018/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/mapg-7n9gn8"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/34064/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#435052"
},
{
"db": "VULMON",
"id": "CVE-2009-0801"
},
{
"db": "BID",
"id": "33858"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001094"
},
{
"db": "PACKETSTORM",
"id": "75119"
},
{
"db": "PACKETSTORM",
"id": "123423"
},
{
"db": "PACKETSTORM",
"id": "75100"
},
{
"db": "PACKETSTORM",
"id": "75126"
},
{
"db": "PACKETSTORM",
"id": "75099"
},
{
"db": "PACKETSTORM",
"id": "75373"
},
{
"db": "CNNVD",
"id": "CNNVD-200903-067"
},
{
"db": "NVD",
"id": "CVE-2009-0801"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#435052"
},
{
"db": "VULMON",
"id": "CVE-2009-0801"
},
{
"db": "BID",
"id": "33858"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001094"
},
{
"db": "PACKETSTORM",
"id": "75119"
},
{
"db": "PACKETSTORM",
"id": "123423"
},
{
"db": "PACKETSTORM",
"id": "75100"
},
{
"db": "PACKETSTORM",
"id": "75126"
},
{
"db": "PACKETSTORM",
"id": "75099"
},
{
"db": "PACKETSTORM",
"id": "75373"
},
{
"db": "CNNVD",
"id": "CNNVD-200903-067"
},
{
"db": "NVD",
"id": "CVE-2009-0801"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-02-23T00:00:00",
"db": "CERT/CC",
"id": "VU#435052"
},
{
"date": "2009-03-04T00:00:00",
"db": "VULMON",
"id": "CVE-2009-0801"
},
{
"date": "2009-02-23T00:00:00",
"db": "BID",
"id": "33858"
},
{
"date": "2009-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001094"
},
{
"date": "2009-02-23T14:11:04",
"db": "PACKETSTORM",
"id": "75119"
},
{
"date": "2013-09-27T22:24:58",
"db": "PACKETSTORM",
"id": "123423"
},
{
"date": "2009-02-23T12:27:14",
"db": "PACKETSTORM",
"id": "75100"
},
{
"date": "2009-02-24T15:54:02",
"db": "PACKETSTORM",
"id": "75126"
},
{
"date": "2009-02-23T12:27:11",
"db": "PACKETSTORM",
"id": "75099"
},
{
"date": "2009-03-04T15:05:53",
"db": "PACKETSTORM",
"id": "75373"
},
{
"date": "2009-03-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200903-067"
},
{
"date": "2009-03-04T16:30:00.170000",
"db": "NVD",
"id": "CVE-2009-0801"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-28T00:00:00",
"db": "CERT/CC",
"id": "VU#435052"
},
{
"date": "2009-06-18T00:00:00",
"db": "VULMON",
"id": "CVE-2009-0801"
},
{
"date": "2013-09-28T00:16:00",
"db": "BID",
"id": "33858"
},
{
"date": "2011-09-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001094"
},
{
"date": "2009-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200903-067"
},
{
"date": "2024-11-21T01:00:56.707000",
"db": "NVD",
"id": "CVE-2009-0801"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "123423"
},
{
"db": "CNNVD",
"id": "CNNVD-200903-067"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intercepting proxy servers may incorrectly rely on HTTP headers to make connections",
"sources": [
{
"db": "CERT/CC",
"id": "VU#435052"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200903-067"
}
],
"trust": 0.6
}
}
var-200904-0328
Vulnerability from variot
Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. Proxy servers running in interception mode ("transparent" proxies) that make connection decisions based on HTTP header values may be used by an attacker to relay connections. Multiple HTTP proxy implementations are prone to an information-disclosure vulnerability related to the interpretation of the 'Host' HTTP header. Specifically, this issue occurs when the proxy makes a forwarding decision based on the 'Host' HTTP header instead of the destination IP address. Attackers may exploit this issue to obtain sensitive information such as internal intranet webpages. Additional attacks may also be possible.
SOLUTION: As a workaround, the vendor recommends to "configure Guardian to block their internal web servers without passwords using hostname and IPaddress". ----------------------------------------------------------------------
Did you know? Our assessment and impact rating along with detailed information such as exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list?
Click here to learn more about our commercial solutions: http://secunia.com/advisories/business_solutions/
Click here to trial our solutions: http://secunia.com/advisories/try_vi/
TITLE: Ziproxy HTTP "Host:" Header Security Bypass
SECUNIA ADVISORY ID: SA34018
VERIFY ADVISORY: http://secunia.com/advisories/34018/
DESCRIPTION: A security issue has been reported in Ziproxy, which can be exploited by malicious people to bypass certain security restrictions. This can be exploited to e.g. access restricted websites or bypass a browser's security context protection mechanism by sending HTTP requests with a forged HTTP "Host:" header.
Successful exploitation requires that the attacker can forge the HTTP "Host:" header (e.g. via active content).
The security issue is reported in version 2.6.0. Other versions may also be affected.
SOLUTION: The vendor recommends to use a proxy server with better security capabilities between clients and Ziproxy. Use a firewall to restrict access to untrusted websites.
PROVIDED AND/OR DISCOVERED BY: US-CERT credits Robert Auger, PayPal Information Risk Management team.
ORIGINAL ADVISORY: US-CERT VU#435052: http://www.kb.cert.org/vuls/id/435052
http://www.kb.cert.org/vuls/id/MAPG-7N9GN8
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
SOLUTION: The vendor has published workarounds
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0328",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "proxysg sg210-10",
"scope": "eq",
"trust": 1.6,
"vendor": "bluecoat",
"version": null
},
{
"model": "proxysg sg210-25",
"scope": "eq",
"trust": 1.6,
"vendor": "bluecoat",
"version": null
},
{
"model": "proxysg sg510-10",
"scope": "eq",
"trust": 1.6,
"vendor": "bluecoat",
"version": null
},
{
"model": "proxysg sg810-10",
"scope": "eq",
"trust": 1.0,
"vendor": "bluecoat",
"version": null
},
{
"model": "proxysg va-20",
"scope": "eq",
"trust": 1.0,
"vendor": "bluecoat",
"version": "*"
},
{
"model": "proxysg va-5",
"scope": "eq",
"trust": 1.0,
"vendor": "bluecoat",
"version": "*"
},
{
"model": "proxysg sg810-25",
"scope": "eq",
"trust": 1.0,
"vendor": "bluecoat",
"version": null
},
{
"model": "proxysg sg510-20",
"scope": "eq",
"trust": 1.0,
"vendor": "bluecoat",
"version": null
},
{
"model": "proxysg sg810-20",
"scope": "eq",
"trust": 1.0,
"vendor": "bluecoat",
"version": null
},
{
"model": "proxysg sg510-25",
"scope": "eq",
"trust": 1.0,
"vendor": "bluecoat",
"version": null
},
{
"model": "proxysg",
"scope": "eq",
"trust": 1.0,
"vendor": "bluecoat",
"version": "*"
},
{
"model": "proxysg va-10",
"scope": "eq",
"trust": 1.0,
"vendor": "bluecoat",
"version": "*"
},
{
"model": "proxysg sg210-5",
"scope": "eq",
"trust": 1.0,
"vendor": "bluecoat",
"version": null
},
{
"model": "proxysg sg9000-5",
"scope": "eq",
"trust": 1.0,
"vendor": "bluecoat",
"version": null
},
{
"model": "proxysg sg9000-10",
"scope": "eq",
"trust": 1.0,
"vendor": "bluecoat",
"version": null
},
{
"model": "proxysg sg810-5",
"scope": "eq",
"trust": 1.0,
"vendor": "bluecoat",
"version": null
},
{
"model": "proxysg sg9000-20",
"scope": "eq",
"trust": 1.0,
"vendor": "bluecoat",
"version": null
},
{
"model": "proxysg va-15",
"scope": "eq",
"trust": 1.0,
"vendor": "bluecoat",
"version": "*"
},
{
"model": "proxysg sg510-5",
"scope": "eq",
"trust": 1.0,
"vendor": "bluecoat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "astaro",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "blue coat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "internet initiative",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "qbik new zealand",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "smoothwall",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "squid",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ziproxy",
"version": null
},
{
"model": "proxysg",
"scope": null,
"trust": 0.8,
"vendor": "blue coat",
"version": null
},
{
"model": "proxysg va-5",
"scope": null,
"trust": 0.6,
"vendor": "bluecoat",
"version": null
},
{
"model": "proxysg va-15",
"scope": null,
"trust": 0.6,
"vendor": "bluecoat",
"version": null
},
{
"model": "proxysg va-10",
"scope": null,
"trust": 0.6,
"vendor": "bluecoat",
"version": null
},
{
"model": "proxysg va-20",
"scope": null,
"trust": 0.6,
"vendor": "bluecoat",
"version": null
},
{
"model": "ziproxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ziproxy",
"version": "2.6"
},
{
"model": "mac orchard dansguardian",
"scope": "eq",
"trust": 0.3,
"vendor": "the",
"version": "0"
},
{
"model": "web proxy cache pre3",
"scope": "eq",
"trust": 0.3,
"vendor": "squid",
"version": "3.0"
},
{
"model": "web proxy cache pre2",
"scope": "eq",
"trust": 0.3,
"vendor": "squid",
"version": "3.0"
},
{
"model": "web proxy cache pre1",
"scope": "eq",
"trust": 0.3,
"vendor": "squid",
"version": "3.0"
},
{
"model": "web proxy cache",
"scope": "eq",
"trust": 0.3,
"vendor": "squid",
"version": "3.0"
},
{
"model": "web proxy cache 3.0.stable7",
"scope": null,
"trust": 0.3,
"vendor": "squid",
"version": null
},
{
"model": "web proxy cache 3.0.stable6",
"scope": null,
"trust": 0.3,
"vendor": "squid",
"version": null
},
{
"model": "web proxy cache 3.0.stable5",
"scope": null,
"trust": 0.3,
"vendor": "squid",
"version": null
},
{
"model": "web proxy cache 3.0.stable4",
"scope": null,
"trust": 0.3,
"vendor": "squid",
"version": null
},
{
"model": "web proxy cache 3.0.stable3",
"scope": null,
"trust": 0.3,
"vendor": "squid",
"version": null
},
{
"model": "web proxy cache 3.0.stable2",
"scope": null,
"trust": 0.3,
"vendor": "squid",
"version": null
},
{
"model": "web proxy cache 3.0.stable13",
"scope": null,
"trust": 0.3,
"vendor": "squid",
"version": null
},
{
"model": "web proxy cache 3.0.stable12",
"scope": null,
"trust": 0.3,
"vendor": "squid",
"version": null
},
{
"model": "web proxy cache 3.0.stable1",
"scope": null,
"trust": 0.3,
"vendor": "squid",
"version": null
},
{
"model": "web proxy cache 2.7.stable6",
"scope": null,
"trust": 0.3,
"vendor": "squid",
"version": null
},
{
"model": "web proxy cache 2.7.stable5",
"scope": null,
"trust": 0.3,
"vendor": "squid",
"version": null
},
{
"model": "web proxy cache",
"scope": "eq",
"trust": 0.3,
"vendor": "squid",
"version": "2.7"
},
{
"model": "smoothguardian",
"scope": "eq",
"trust": 0.3,
"vendor": "smoothwall",
"version": "2008"
},
{
"model": "wingate",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.5.2"
},
{
"model": "wingate",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.2.2"
},
{
"model": "wingate",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.2.1"
},
{
"model": "wingate",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.1.4.1099"
},
{
"model": "wingate",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.1.3.1096"
},
{
"model": "wingate",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.1.2.1094"
},
{
"model": "wingate",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.1.1.1077"
},
{
"model": "wingate build",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.0.31005"
},
{
"model": "wingate build",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.0.21001"
},
{
"model": "wingate build",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.0.21000"
},
{
"model": "wingate build",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.0.1995"
},
{
"model": "wingate build",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.0.1993"
},
{
"model": "wingate",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.0.0"
},
{
"model": "wingate",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.2"
},
{
"model": "wingate",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.1"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "utm",
"scope": "eq",
"trust": 0.3,
"vendor": "funkwerk",
"version": "0"
},
{
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "0"
},
{
"model": "bloxx",
"scope": "eq",
"trust": 0.3,
"vendor": "bloxx",
"version": "0"
},
{
"model": "security gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "7.404"
},
{
"model": "security gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "7.402"
},
{
"model": "security gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "7.302"
},
{
"model": "security gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "7.301"
},
{
"model": "security gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "7.3"
},
{
"model": "security gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "7.006"
},
{
"model": "security gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "7.005"
},
{
"model": "security gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "astaro",
"version": "7"
},
{
"model": "ziproxy",
"scope": "ne",
"trust": 0.3,
"vendor": "ziproxy",
"version": "2.7"
},
{
"model": "mac orchard dansguardian",
"scope": "ne",
"trust": 0.3,
"vendor": "the",
"version": "2.10.1.1"
},
{
"model": "utm",
"scope": "ne",
"trust": 0.3,
"vendor": "funkwerk",
"version": "1.95.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#435052"
},
{
"db": "BID",
"id": "33858"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002544"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-012"
},
{
"db": "NVD",
"id": "CVE-2009-1211"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:bluecoat:proxysg",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002544"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Robert Auger from the PayPal Information Risk Management team",
"sources": [
{
"db": "BID",
"id": "33858"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-012"
}
],
"trust": 0.9
},
"cve": "CVE-2009-1211",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2009-1211",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-1211",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#435052",
"trust": 0.8,
"value": "3.54"
},
{
"author": "NVD",
"id": "CVE-2009-1211",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-012",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#435052"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002544"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-012"
},
{
"db": "NVD",
"id": "CVE-2009-1211"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. Proxy servers running in interception mode (\"transparent\" proxies) that make connection decisions based on HTTP header values may be used by an attacker to relay connections. Multiple HTTP proxy implementations are prone to an information-disclosure vulnerability related to the interpretation of the \u0027Host\u0027 HTTP header. Specifically, this issue occurs when the proxy makes a forwarding decision based on the \u0027Host\u0027 HTTP header instead of the destination IP address. \nAttackers may exploit this issue to obtain sensitive information such as internal intranet webpages. Additional attacks may also be possible. \n\nSOLUTION:\nAs a workaround, the vendor recommends to \"configure Guardian to\nblock their internal web servers without passwords using hostname and\nIPaddress\". ----------------------------------------------------------------------\n\nDid you know? Our assessment and impact rating along with detailed\ninformation such as exploit code availability, or if an updated patch\nis released by the vendor, is not part of this mailing-list?\n \nClick here to learn more about our commercial solutions:\nhttp://secunia.com/advisories/business_solutions/\n \nClick here to trial our solutions:\nhttp://secunia.com/advisories/try_vi/\n\n----------------------------------------------------------------------\n\nTITLE:\nZiproxy HTTP \"Host:\" Header Security Bypass\n\nSECUNIA ADVISORY ID:\nSA34018\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/34018/\n\nDESCRIPTION:\nA security issue has been reported in Ziproxy, which can be exploited\nby malicious people to bypass certain security restrictions. This can be\nexploited to e.g. access restricted websites or bypass a browser\u0027s\nsecurity context protection mechanism by sending HTTP requests with a\nforged HTTP \"Host:\" header. \n\nSuccessful exploitation requires that the attacker can forge the HTTP\n\"Host:\" header (e.g. via active content). \n\nThe security issue is reported in version 2.6.0. Other versions may\nalso be affected. \n\nSOLUTION:\nThe vendor recommends to use a proxy server with better security\ncapabilities between clients and Ziproxy. Use a firewall to restrict\naccess to untrusted websites. \n\nPROVIDED AND/OR DISCOVERED BY:\nUS-CERT credits Robert Auger, PayPal Information Risk Management\nteam. \n\nORIGINAL ADVISORY:\nUS-CERT VU#435052:\nhttp://www.kb.cert.org/vuls/id/435052\n\nhttp://www.kb.cert.org/vuls/id/MAPG-7N9GN8\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nSOLUTION:\nThe vendor has published workarounds",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-1211"
},
{
"db": "CERT/CC",
"id": "VU#435052"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002544"
},
{
"db": "BID",
"id": "33858"
},
{
"db": "PACKETSTORM",
"id": "75119"
},
{
"db": "PACKETSTORM",
"id": "75100"
},
{
"db": "PACKETSTORM",
"id": "75126"
},
{
"db": "PACKETSTORM",
"id": "75099"
},
{
"db": "PACKETSTORM",
"id": "75373"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-1211",
"trust": 2.7
},
{
"db": "CERT/CC",
"id": "VU#435052",
"trust": 2.4
},
{
"db": "SECTRACK",
"id": "1021781",
"trust": 2.4
},
{
"db": "BID",
"id": "33858",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "34064",
"trust": 1.0
},
{
"db": "VUPEN",
"id": "ADV-2009-0582",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002544",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200904-012",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "34014",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "34020",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "34018",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "34019",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "75119",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "75100",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "75126",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "75099",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "75373",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#435052"
},
{
"db": "BID",
"id": "33858"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002544"
},
{
"db": "PACKETSTORM",
"id": "75119"
},
{
"db": "PACKETSTORM",
"id": "75100"
},
{
"db": "PACKETSTORM",
"id": "75126"
},
{
"db": "PACKETSTORM",
"id": "75099"
},
{
"db": "PACKETSTORM",
"id": "75373"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-012"
},
{
"db": "NVD",
"id": "CVE-2009-1211"
}
]
},
"id": "VAR-200904-0328",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19642857
},
"last_update_date": "2024-11-23T19:39:34.819000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ProxySG_in_transparent_deployments",
"trust": 0.8,
"url": "https://hypersonic.bluecoat.com/support/securityadvisories/ProxySG_in_transparent_deployments"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002544"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-16",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002544"
},
{
"db": "NVD",
"id": "CVE-2009-1211"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1021781"
},
{
"trust": 2.0,
"url": "https://hypersonic.bluecoat.com/support/securityadvisories/proxysg_in_transparent_deployments"
},
{
"trust": 1.6,
"url": "http://www.kb.cert.org/vuls/id/435052"
},
{
"trust": 0.8,
"url": "http://www.thesecuritypractice.com/the_security_practice/transparentproxyabuse.pdf"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc2616.txt"
},
{
"trust": 0.8,
"url": "http://www.webappsec.org/lists/websecurity/archive/2008-06/msg00073.html"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/reading_room/securing_browser/"
},
{
"trust": 0.8,
"url": "http://kb.adobe.com/selfservice/viewcontent.do?externalid=tn_14213"
},
{
"trust": 0.8,
"url": "http://www.w3.org/protocols/rfc2616/rfc2616-sec9.html"
},
{
"trust": 0.8,
"url": "http://www.owasp.org/index.php/testing_for_http_methods_and_xst_(owasp-cm-008)#black_box_testing_and_example"
},
{
"trust": 0.8,
"url": "http://en.wikipedia.org/w/index.php?title=list_of_tcp_and_udp_port_numbers\u0026oldid=266934839"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1211"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu435052/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1211"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/34064"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/33858"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/0582"
},
{
"trust": 0.5,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.5,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.5,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.5,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.5,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.3,
"url": "http://www.cgisecurity.com/2009/07/more-products-identified-using-vulnerable-transparent-proxy-architecture.html"
},
{
"trust": 0.3,
"url": "http://www.smoothwall.net/products/smoothguardian2008/"
},
{
"trust": 0.3,
"url": "http://www.thesecuritypractice.com/the_security_practice/2009/03/socket-capable-browser-plugins-result-in-transparent-proxy-abuse.html"
},
{
"trust": 0.3,
"url": "http://www.squid-cache.org/"
},
{
"trust": 0.3,
"url": "http://www.wingate.com/"
},
{
"trust": 0.3,
"url": "http://ziproxy.sourceforge.net/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/34014/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/mapg-7m6sm7"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/34020/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/34018/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/mapg-7n9gn8"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/34019/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/34064/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#435052"
},
{
"db": "BID",
"id": "33858"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002544"
},
{
"db": "PACKETSTORM",
"id": "75119"
},
{
"db": "PACKETSTORM",
"id": "75100"
},
{
"db": "PACKETSTORM",
"id": "75126"
},
{
"db": "PACKETSTORM",
"id": "75099"
},
{
"db": "PACKETSTORM",
"id": "75373"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-012"
},
{
"db": "NVD",
"id": "CVE-2009-1211"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#435052"
},
{
"db": "BID",
"id": "33858"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002544"
},
{
"db": "PACKETSTORM",
"id": "75119"
},
{
"db": "PACKETSTORM",
"id": "75100"
},
{
"db": "PACKETSTORM",
"id": "75126"
},
{
"db": "PACKETSTORM",
"id": "75099"
},
{
"db": "PACKETSTORM",
"id": "75373"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-012"
},
{
"db": "NVD",
"id": "CVE-2009-1211"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-02-23T00:00:00",
"db": "CERT/CC",
"id": "VU#435052"
},
{
"date": "2009-02-23T00:00:00",
"db": "BID",
"id": "33858"
},
{
"date": "2010-08-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002544"
},
{
"date": "2009-02-23T14:11:04",
"db": "PACKETSTORM",
"id": "75119"
},
{
"date": "2009-02-23T12:27:14",
"db": "PACKETSTORM",
"id": "75100"
},
{
"date": "2009-02-24T15:54:02",
"db": "PACKETSTORM",
"id": "75126"
},
{
"date": "2009-02-23T12:27:11",
"db": "PACKETSTORM",
"id": "75099"
},
{
"date": "2009-03-04T15:05:53",
"db": "PACKETSTORM",
"id": "75373"
},
{
"date": "2009-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-012"
},
{
"date": "2009-04-01T10:30:00.407000",
"db": "NVD",
"id": "CVE-2009-1211"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-28T00:00:00",
"db": "CERT/CC",
"id": "VU#435052"
},
{
"date": "2013-09-28T00:16:00",
"db": "BID",
"id": "33858"
},
{
"date": "2010-08-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002544"
},
{
"date": "2009-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-012"
},
{
"date": "2024-11-21T01:01:55.193000",
"db": "NVD",
"id": "CVE-2009-1211"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-012"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intercepting proxy servers may incorrectly rely on HTTP headers to make connections",
"sources": [
{
"db": "CERT/CC",
"id": "VU#435052"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "configuration error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-012"
}
],
"trust": 0.6
}
}
var-200412-0018
Vulnerability from variot
Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet. [CERT/CC VU#887766 See also ] DNS A vulnerability in the protocol implementation has been identified. Depending on the implementation, between servers Query - response A storm may occur. Also, localhost UDP 53 Port is From If a query with is sent, the server may continue to respond to the server itself and resources may be exhausted.Denial of service (denial-of-service, DoS) You can be attacked. Multiple DNS vendors are reported susceptible to a denial of service vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200412-0018",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "delegate",
"scope": "eq",
"trust": 1.9,
"vendor": "delegate",
"version": "8.9.5"
},
{
"model": "wingate",
"scope": "eq",
"trust": 1.3,
"vendor": "qbik",
"version": "4.0.1"
},
{
"model": "wingate",
"scope": "eq",
"trust": 1.3,
"vendor": "qbik",
"version": "3.0"
},
{
"model": "posadis",
"scope": "eq",
"trust": 1.3,
"vendor": "posadis",
"version": "0.60.1"
},
{
"model": "posadis",
"scope": "eq",
"trust": 1.3,
"vendor": "posadis",
"version": "0.60.0"
},
{
"model": "posadis",
"scope": "eq",
"trust": 1.3,
"vendor": "posadis",
"version": "0.50.9"
},
{
"model": "posadis",
"scope": "eq",
"trust": 1.3,
"vendor": "posadis",
"version": "0.50.8"
},
{
"model": "posadis",
"scope": "eq",
"trust": 1.3,
"vendor": "posadis",
"version": "0.50.7"
},
{
"model": "posadis",
"scope": "eq",
"trust": 1.3,
"vendor": "posadis",
"version": "0.50.6"
},
{
"model": "posadis",
"scope": "eq",
"trust": 1.3,
"vendor": "posadis",
"version": "0.50.5"
},
{
"model": "posadis",
"scope": "eq",
"trust": 1.3,
"vendor": "posadis",
"version": "0.50.4"
},
{
"model": "maradns",
"scope": "eq",
"trust": 1.3,
"vendor": "maradns",
"version": "0.8.05"
},
{
"model": "maradns",
"scope": "eq",
"trust": 1.3,
"vendor": "maradns",
"version": "0.5.31"
},
{
"model": "maradns",
"scope": "eq",
"trust": 1.3,
"vendor": "maradns",
"version": "0.5.30"
},
{
"model": "maradns",
"scope": "eq",
"trust": 1.3,
"vendor": "maradns",
"version": "0.5.29"
},
{
"model": "maradns",
"scope": "eq",
"trust": 1.3,
"vendor": "maradns",
"version": "0.5.28"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 1.3,
"vendor": "dnrd",
"version": "2.10"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 1.3,
"vendor": "dnrd",
"version": "2.9"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 1.3,
"vendor": "dnrd",
"version": "2.8"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 1.3,
"vendor": "dnrd",
"version": "2.7"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 1.3,
"vendor": "dnrd",
"version": "2.6"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 1.3,
"vendor": "dnrd",
"version": "2.5"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 1.3,
"vendor": "dnrd",
"version": "2.4"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 1.3,
"vendor": "dnrd",
"version": "2.3"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 1.3,
"vendor": "dnrd",
"version": "2.2"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 1.3,
"vendor": "dnrd",
"version": "2.1"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 1.3,
"vendor": "dnrd",
"version": "2.0"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 1.3,
"vendor": "dnrd",
"version": "1.4"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 1.3,
"vendor": "dnrd",
"version": "1.3"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 1.3,
"vendor": "dnrd",
"version": "1.2"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 1.3,
"vendor": "dnrd",
"version": "1.1"
},
{
"model": "dnrd",
"scope": "eq",
"trust": 1.3,
"vendor": "dnrd",
"version": "1.0"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.9.4"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.9.3"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.9.2"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.9.1"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.9"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.5.0"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.4.0"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.3.4"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "8.3.3"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "7.9.11"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "7.8.2"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "7.8.1"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "7.8.0"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "7.7.1"
},
{
"model": "delegate",
"scope": "eq",
"trust": 1.3,
"vendor": "delegate",
"version": "7.7.0"
},
{
"model": "2120 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.32"
},
{
"model": "dns server",
"scope": "eq",
"trust": 1.0,
"vendor": "pliant",
"version": "*"
},
{
"model": "2110 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.34"
},
{
"model": "2100 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.33"
},
{
"model": "2120 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.40"
},
{
"model": "mydns",
"scope": "eq",
"trust": 1.0,
"vendor": "don moore",
"version": "0.8"
},
{
"model": "2400 video server",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "3.11"
},
{
"model": "2120 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.41"
},
{
"model": "2100 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.32"
},
{
"model": "2100 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.02"
},
{
"model": "2120 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.12"
},
{
"model": "2120 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.30"
},
{
"model": "2110 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.31"
},
{
"model": "mydns",
"scope": "eq",
"trust": 1.0,
"vendor": "don moore",
"version": "0.6"
},
{
"model": "2100 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.40"
},
{
"model": "2420 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.33"
},
{
"model": "2120 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.34"
},
{
"model": "2100 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.41"
},
{
"model": "2400 video server",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "3.12"
},
{
"model": "2100 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.12"
},
{
"model": "wingate",
"scope": "eq",
"trust": 1.0,
"vendor": "qbik",
"version": "6.0.1_build_993"
},
{
"model": "2100 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.30"
},
{
"model": "2420 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.32"
},
{
"model": "2420 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.40"
},
{
"model": "2100 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.34"
},
{
"model": "2120 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.31"
},
{
"model": "2420 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.41"
},
{
"model": "2100 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.0"
},
{
"model": "2420 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.12"
},
{
"model": "2420 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.30"
},
{
"model": "mydns",
"scope": "eq",
"trust": 1.0,
"vendor": "don moore",
"version": "0.10.0"
},
{
"model": "wingate",
"scope": "eq",
"trust": 1.0,
"vendor": "qbik",
"version": "4.1_beta_a"
},
{
"model": "2100 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.31"
},
{
"model": "2420 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.34"
},
{
"model": "mydns",
"scope": "eq",
"trust": 1.0,
"vendor": "don moore",
"version": "0.9"
},
{
"model": "2460 network dvr",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "3.12"
},
{
"model": "2100 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.01"
},
{
"model": "raidendnsd",
"scope": "eq",
"trust": 1.0,
"vendor": "team johnlong",
"version": "*"
},
{
"model": "2110 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.32"
},
{
"model": "2420 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.31"
},
{
"model": "posadis",
"scope": "eq",
"trust": 1.0,
"vendor": "posadis",
"version": "m5pre2"
},
{
"model": "2110 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.40"
},
{
"model": "mydns",
"scope": "eq",
"trust": 1.0,
"vendor": "don moore",
"version": "0.7"
},
{
"model": "2100 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.03"
},
{
"model": "2110 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.41"
},
{
"model": "2401 video server",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "3.12"
},
{
"model": "wingate",
"scope": "eq",
"trust": 1.0,
"vendor": "qbik",
"version": "6.0.1_build_995"
},
{
"model": "2110 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.12"
},
{
"model": "posadis",
"scope": "eq",
"trust": 1.0,
"vendor": "posadis",
"version": "m5pre1"
},
{
"model": "2110 network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "axis",
"version": "2.30"
},
{
"model": "wingate",
"scope": "eq",
"trust": 1.0,
"vendor": "qbik",
"version": "6.0"
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "johnlong raidendnsd",
"scope": null,
"trust": 0.3,
"vendor": "team",
"version": null
},
{
"model": "wingate build",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.0.1995"
},
{
"model": "wingate build",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.0.1993"
},
{
"model": "wingate",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "6.0.0"
},
{
"model": "wingate beta a",
"scope": "eq",
"trust": 0.3,
"vendor": "qbik",
"version": "4.1"
},
{
"model": "m5pre2",
"scope": null,
"trust": 0.3,
"vendor": "posadis",
"version": null
},
{
"model": "m5pre1",
"scope": null,
"trust": 0.3,
"vendor": "posadis",
"version": null
},
{
"model": "dns server",
"scope": null,
"trust": 0.3,
"vendor": "pliant",
"version": null
},
{
"model": "moore mydns",
"scope": "eq",
"trust": 0.3,
"vendor": "don",
"version": "0.10.0"
},
{
"model": "moore mydns",
"scope": "eq",
"trust": 0.3,
"vendor": "don",
"version": "0.9x"
},
{
"model": "moore mydns",
"scope": "eq",
"trust": 0.3,
"vendor": "don",
"version": "0.8x"
},
{
"model": "moore mydns",
"scope": "eq",
"trust": 0.3,
"vendor": "don",
"version": "0.7x"
},
{
"model": "moore mydns",
"scope": "eq",
"trust": 0.3,
"vendor": "don",
"version": "0.6x"
},
{
"model": "communications digital video recorder",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "24603.12"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "24202.41"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "24202.40"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "24202.34"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "24202.33"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "24202.32"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "24202.31"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "24202.30"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "24202.12"
},
{
"model": "communications video server",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "2401+3.12"
},
{
"model": "communications video server",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "2400+3.12"
},
{
"model": "communications video server",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "2400+3.11"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "21202.41"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "21202.40"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "21202.34"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "21202.32"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "21202.31"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "21202.30"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "21202.12"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "21102.41"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "21102.40"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "21102.34"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "21102.32"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "21102.31"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "21102.30"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "21102.12"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "21002.41"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "21002.40"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "21002.34"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "21002.33"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "21002.32"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "21002.31"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "21002.30"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "21002.12"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "21002.03"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "21002.02"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "21002.01"
},
{
"model": "communications network camera",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "21002.0"
},
{
"model": "wingate build",
"scope": "ne",
"trust": 0.3,
"vendor": "qbik",
"version": "6.0.31005"
},
{
"model": "wingate build",
"scope": "ne",
"trust": 0.3,
"vendor": "qbik",
"version": "6.0.21001"
},
{
"model": "wingate build",
"scope": "ne",
"trust": 0.3,
"vendor": "qbik",
"version": "6.0.21000"
},
{
"model": "posadis",
"scope": "ne",
"trust": 0.3,
"vendor": "posadis",
"version": "0.60.5"
},
{
"model": "posadis",
"scope": "ne",
"trust": 0.3,
"vendor": "posadis",
"version": "0.60.4"
},
{
"model": "posadis",
"scope": "ne",
"trust": 0.3,
"vendor": "posadis",
"version": "0.60.3"
},
{
"model": "posadis",
"scope": "ne",
"trust": 0.3,
"vendor": "posadis",
"version": "0.60.2"
},
{
"model": "quickdns server",
"scope": "ne",
"trust": 0.3,
"vendor": "men mice",
"version": "3.5.2"
},
{
"model": "quickdns server",
"scope": "ne",
"trust": 0.3,
"vendor": "men mice",
"version": "2.2.3"
},
{
"model": "maradns",
"scope": "ne",
"trust": 0.3,
"vendor": "maradns",
"version": "1.0.23"
},
{
"model": "maradns",
"scope": "ne",
"trust": 0.3,
"vendor": "maradns",
"version": "0.9.01"
},
{
"model": "maradns",
"scope": "ne",
"trust": 0.3,
"vendor": "maradns",
"version": "0.9.00"
},
{
"model": "maradns",
"scope": "ne",
"trust": 0.3,
"vendor": "maradns",
"version": "0.8.99"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "9.2.3"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "9.2.2"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "9.2.1"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "9.2"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "9.1.3"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "9.1.2"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "9.1.1"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "9.1"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "9.0.1"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "9.0"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.4.3"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.4.2"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.4.1"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.4"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.3.7"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.3.6"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.3.5"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.3.4"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.3.3"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.3.2"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.3.1"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.3.0"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.2.7"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.2.6"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.2.5"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.2.4"
},
{
"model": "bind beta",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.2.3"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.2.3"
},
{
"model": "bind p7",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.2.2"
},
{
"model": "bind p6",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.2.2"
},
{
"model": "bind p5",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.2.2"
},
{
"model": "bind p4",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.2.2"
},
{
"model": "bind p3",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.2.2"
},
{
"model": "bind p2",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.2.2"
},
{
"model": "bind p1",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.2.2"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.2.2"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.2.1"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.2"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.1.2"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.1.1"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "8.1"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "4.9.11"
},
{
"model": "bind ow2",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "4.9.10"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "4.9.10"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "4.9.9"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "4.9.8"
},
{
"model": "bind -t1b",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "4.9.7"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "4.9.7"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "4.9.6"
},
{
"model": "bind p1",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "4.9.5"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "4.9.5"
},
{
"model": "bind p1",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "4.9.4"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "4.9.4"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "4.9.3"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "4.9.2"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "4.9"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "4.8.3"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "4.8.2.1"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "4.8.1"
},
{
"model": "bind",
"scope": "ne",
"trust": 0.3,
"vendor": "isc",
"version": "4.8"
},
{
"model": "moore mydns",
"scope": "ne",
"trust": 0.3,
"vendor": "don",
"version": "0.11.0"
},
{
"model": "moore mydns",
"scope": "ne",
"trust": 0.3,
"vendor": "don",
"version": "0.10.4"
},
{
"model": "moore mydns",
"scope": "ne",
"trust": 0.3,
"vendor": "don",
"version": "0.10.3"
},
{
"model": "moore mydns",
"scope": "ne",
"trust": 0.3,
"vendor": "don",
"version": "0.10.2"
},
{
"model": "moore mydns",
"scope": "ne",
"trust": 0.3,
"vendor": "don",
"version": "0.10.1"
},
{
"model": "dnrd",
"scope": "ne",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.17.1"
},
{
"model": "dnrd",
"scope": "ne",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.17"
},
{
"model": "dnrd",
"scope": "ne",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.16"
},
{
"model": "dnrd",
"scope": "ne",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.15"
},
{
"model": "dnrd",
"scope": "ne",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.14"
},
{
"model": "dnrd",
"scope": "ne",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.13"
},
{
"model": "dnrd",
"scope": "ne",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.12"
},
{
"model": "dnrd",
"scope": "ne",
"trust": 0.3,
"vendor": "dnrd",
"version": "2.11"
},
{
"model": "delegate",
"scope": "ne",
"trust": 0.3,
"vendor": "delegate",
"version": "8.9.6"
},
{
"model": "communications digital video recorder",
"scope": "ne",
"trust": 0.3,
"vendor": "axis",
"version": "24603.13"
},
{
"model": "communications network camera",
"scope": "ne",
"trust": 0.3,
"vendor": "axis",
"version": "24202.42"
},
{
"model": "communications video server",
"scope": "ne",
"trust": 0.3,
"vendor": "axis",
"version": "2401+3.13"
},
{
"model": "communications video server",
"scope": "ne",
"trust": 0.3,
"vendor": "axis",
"version": "2400+3.13"
},
{
"model": "communications network camera",
"scope": "ne",
"trust": 0.3,
"vendor": "axis",
"version": "21202.42"
},
{
"model": "communications network camera",
"scope": "ne",
"trust": 0.3,
"vendor": "axis",
"version": "21102.42"
},
{
"model": "communications network camera",
"scope": "ne",
"trust": 0.3,
"vendor": "axis",
"version": "21002.42"
}
],
"sources": [
{
"db": "BID",
"id": "11642"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000608"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-718"
},
{
"db": "NVD",
"id": "CVE-2004-0789"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:misc:multiple_vendors",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000608"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Roy Arends and Jakob Schlyter are credited on the NISCC advisory. The original discoverer of this vulnerability is unknown at this time.",
"sources": [
{
"db": "BID",
"id": "11642"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-718"
}
],
"trust": 0.9
},
"cve": "CVE-2004-0789",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2004-0789",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-9219",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2004-0789",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2004-0789",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200412-718",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-9219",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9219"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000608"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-718"
},
{
"db": "NVD",
"id": "CVE-2004-0789"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men \u0026 Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet. [CERT/CC VU#887766 See also ] DNS A vulnerability in the protocol implementation has been identified. Depending on the implementation, between servers Query - response A storm may occur. Also, localhost UDP 53 Port is From If a query with is sent, the server may continue to respond to the server itself and resources may be exhausted.Denial of service (denial-of-service, DoS) You can be attacked. Multiple DNS vendors are reported susceptible to a denial of service vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0789"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000608"
},
{
"db": "BID",
"id": "11642"
},
{
"db": "VULHUB",
"id": "VHN-9219"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2004-0789",
"trust": 2.8
},
{
"db": "BID",
"id": "11642",
"trust": 1.4
},
{
"db": "SECUNIA",
"id": "13145",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1012157",
"trust": 1.1
},
{
"db": "XF",
"id": "17996",
"trust": 0.8
},
{
"db": "XF",
"id": "17997",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000608",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200412-718",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-9219",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9219"
},
{
"db": "BID",
"id": "11642"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000608"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-718"
},
{
"db": "NVD",
"id": "CVE-2004-0789"
}
]
},
"id": "VAR-200412-0018",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-9219"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:40:17.853000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0789"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/11642"
},
{
"trust": 1.1,
"url": "http://www.posadis.org/advisories/pos_adv_006.txt"
},
{
"trust": 1.1,
"url": "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en"
},
{
"trust": 1.1,
"url": "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf"
},
{
"trust": 1.1,
"url": "http://securitytracker.com/id?1012157"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/13145"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17997"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0789"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/17997"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/17996"
},
{
"trust": 0.8,
"url": "http://jvn.jp/niscc/niscc-758884/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2004-0789"
},
{
"trust": 0.3,
"url": "http://www.se.axis.com/techsup/cdsrv/storpoint_cd/index.html"
},
{
"trust": 0.3,
"url": "http://www.delegate.org/delegate/"
},
{
"trust": 0.3,
"url": "http://www.delegate.org/mail-lists/delegate-en/2753"
},
{
"trust": 0.3,
"url": "http://www.maradns.org/"
},
{
"trust": 0.3,
"url": "http://mydns.bboy.net/"
},
{
"trust": 0.3,
"url": "http://mydns.bboy.net/download/changelog.html"
},
{
"trust": 0.3,
"url": "http://www.axis.com/products/camera_servers/index.htm"
},
{
"trust": 0.3,
"url": "http://www.uniras.gov.uk/vuls/2004/758884/index.htm"
},
{
"trust": 0.3,
"url": "http://pliant.cx/pliant/protocol/dns/"
},
{
"trust": 0.3,
"url": "http://posadis.sourceforge.net/"
},
{
"trust": 0.3,
"url": "http://www.posadis.org/security/pos_adv_006.txt"
},
{
"trust": 0.3,
"url": "http://wingate.deerfield.com"
},
{
"trust": 0.3,
"url": "/archive/1/381612"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9219"
},
{
"db": "BID",
"id": "11642"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000608"
},
{
"db": "NVD",
"id": "CVE-2004-0789"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-9219"
},
{
"db": "BID",
"id": "11642"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000608"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-718"
},
{
"db": "NVD",
"id": "CVE-2004-0789"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-9219"
},
{
"date": "2004-11-09T00:00:00",
"db": "BID",
"id": "11642"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000608"
},
{
"date": "2004-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-718"
},
{
"date": "2004-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2004-0789"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-9219"
},
{
"date": "2009-07-12T08:06:00",
"db": "BID",
"id": "11642"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000608"
},
{
"date": "2006-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-718"
},
{
"date": "2017-07-11T01:30:28.667000",
"db": "NVD",
"id": "CVE-2004-0789"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-718"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DNS Vulnerability in protocol implementation",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000608"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "11642"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-718"
}
],
"trust": 0.9
}
}