Lucene search

K

[email protected]CVE-2007-4995

HistoryOct 13, 2007 - 1:17 a.m.

CVE-2007-4995

2007-10-1301:17:00

CWE-189

[email protected]

web.nvd.nist.gov

850

cve-2007-4995

dtls

openssl 0.9.8

remote code execution

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

High

0.177 Low

EPSS

Percentile

96.2%

Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.

Affected configurations

NVD

Node

opensslopensslMatch0.9.8

OR

opensslopensslMatch0.9.8a

OR

opensslopensslMatch0.9.8b

OR

opensslopensslMatch0.9.8c

OR

opensslopensslMatch0.9.8d

OR

opensslopensslMatch0.9.8e

CPENameOperatorVersion
openssl:opensslopenssleq0.9.8
openssl:opensslopenssleq0.9.8a
openssl:opensslopenssleq0.9.8b
openssl:opensslopenssleq0.9.8c
openssl:opensslopenssleq0.9.8d
openssl:opensslopenssleq0.9.8e

References

bugs.gentoo.org/show_bug.cgi?id=195634

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01299773

lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html

secunia.com/advisories/25878

secunia.com/advisories/27205

secunia.com/advisories/27217

secunia.com/advisories/27271

secunia.com/advisories/27363

secunia.com/advisories/27434

secunia.com/advisories/27933

secunia.com/advisories/28084

secunia.com/advisories/30161

secunia.com/advisories/30220

secunia.com/advisories/30852

security.gentoo.org/glsa/glsa-200710-30.xml

securitytracker.com/id?1018810

support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738962

www.debian.org/security/2008/dsa-1571

www.gentoo.org/security/en/glsa/glsa-200805-07.xml

www.mandriva.com/security/advisories?name=MDKSA-2007:237

www.openssl.org/news/secadv_20071012.txt

www.redhat.com/support/errata/RHSA-2007-0964.html

www.securityfocus.com/archive/1/482167/100/0/threaded

www.securityfocus.com/bid/26055

www.vupen.com/english/advisories/2007/3487

www.vupen.com/english/advisories/2007/4219

www.vupen.com/english/advisories/2008/1937/references

exchange.xforce.ibmcloud.com/vulnerabilities/37185

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10288

usn.ubuntu.com/534-1/

www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

High

0.177 Low

EPSS

Percentile

96.2%

Related for CVE-2007-4995

nessus17 gentoo2 seebug1 f52 openvas21 ubuntucve1 openssl1 securityvulns2 cvelist1 prion1 nvd1 debiancve1 checkpoint_security1 ubuntu1 fedora2 centos1 oraclelinux4 debian1 osv1 redhat1 lenovo2