Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2015-7851
HistoryJan 28, 2020 - 5:15 p.m.

CVE-2015-7851

2020-01-2817:15:12
CWE-22
mitre
web.nvd.nist.gov
89
cve-2015-7851
ntp
vulnerability
directory traversal
save_config
ntpd
nvd
openvms

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

55.8%

JSON

Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '' or ‘/’ characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.

Affected configurations

Nvd
Node
ntpntpRange4.2.04.2.8
OR
ntpntpRange4.3.04.3.77
OR
ntpntpMatch4.2.8p1
OR
ntpntpMatch4.2.8p1-beta1
OR
ntpntpMatch4.2.8p1-beta2
OR
ntpntpMatch4.2.8p1-beta3
OR
ntpntpMatch4.2.8p1-beta4
OR
ntpntpMatch4.2.8p1-beta5
OR
ntpntpMatch4.2.8p1-rc1
OR
ntpntpMatch4.2.8p1-rc2
OR
ntpntpMatch4.2.8p2
OR
ntpntpMatch4.2.8p2-rc1
OR
ntpntpMatch4.2.8p2-rc2
OR
ntpntpMatch4.2.8p2-rc3
OR
ntpntpMatch4.2.8p3
OR
ntpntpMatch4.2.8p3-rc1
OR
ntpntpMatch4.2.8p3-rc2
OR
ntpntpMatch4.2.8p3-rc3
VendorProductVersionCPE
ntpntp*cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*
ntpntp4.2.8cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*
ntpntp4.2.8cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*
ntpntp4.2.8cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*
ntpntp4.2.8cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*
ntpntp4.2.8cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*
ntpntp4.2.8cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*
ntpntp4.2.8cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*
ntpntp4.2.8cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*
ntpntp4.2.8cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*
Rows per page:
1-10 of 171

Related

f5 2
ubuntucve 1
nvd 1
talos 1
cvelist 1
nessus 13
prion 1
debiancve 1
ibm 4
freebsd_advisory 1
openvas 11
freebsd 1
arista 1
archlinux 1
cisco 1
debian 1
osv 2
slackware 1
symantec 1
suse 4
gentoo 1
ics 1
f5
f5
K17522 : NTP vulnerability CVE-2015-7851
2015-11-10 00:00:00
SOL17522 - NTP vulnerability CVE-2015-7851
2015-11-02 00:00:00
ubuntucve
ubuntucve
CVE-2015-7851
2020-01-28 00:00:00
nvd
nvd
CVE-2015-7851
2020-01-28 17:15:12
talos
talos
Network Time Protocol ntpd saveconfig Directory Traversal Vulnerability
2015-10-21 00:00:00
cvelist
cvelist
CVE-2015-7851
2020-01-28 16:35:21
nessus
nessus
Rockwell Automation Stratix Network Time Protocol ntpd saveconfig Directory Traversal (CVE-2015-7851)
2023-11-15 00:00:00
SUSE SLED11 / SLES11 Security Update : ntp (SUSE-SU-2015:2058-1)
2015-11-23 00:00:00
FreeBSD : ntp -- 13 low- and medium-severity vulnerabilities (c4a18a12-77fc-11e5-a687-206a8a720317)
2015-10-22 00:00:00
prion
prion
Directory traversal
2020-01-28 17:15:00
debiancve
debiancve
CVE-2015-7851
2020-01-28 17:15:12
ibm
ibm
Security Bulletin: Multiple vulnerabilities impact System Storage DS8000 Hardware Management Console (HMC)
2022-05-24 17:06:20
Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru firmware, QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module and QLogic Virtual Fabric Extension Module
2019-01-31 02:25:02
Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple vulnerabilities in ntp
2018-06-18 01:30:29
freebsd_advisory
freebsd_advisory
FreeBSD-SA-15:25.ntp
2015-10-26 00:00:00
openvas
openvas
NTP.org 'ntpd' 'decodenetnum' And 'loop counter underrun' DoS Vulnerabilities
2016-11-29 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:2058-1)
2021-06-09 00:00:00
Multiple Vulnerabilities in ntpd Affecting Cisco Products (Oct 2015)
2016-05-09 00:00:00
freebsd
freebsd
ntp -- 13 low- and medium-severity vulnerabilities
2015-10-21 00:00:00
arista
arista
Security Advisory 0016
2015-11-05 00:00:00
archlinux
archlinux
ntp: multiple issues
2015-10-22 00:00:00
cisco
cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
2015-10-21 23:00:00
debian
debian
[SECURITY] [DLA 335-1] ntp security update
2015-10-28 20:45:05
osv
osv
ntp - security update
2015-10-28 00:00:00
ntp-4.2.8p9-1.1 on GA media
2024-06-15 00:00:00
slackware
slackware
[slackware-security] ntp
2015-10-29 22:49:05
symantec
symantec
SA103 : October 2015 NTP Security Vulnerabilities
2015-11-24 08:00:00
suse
suse
Security update for ntp (important)
2016-05-06 13:07:50
Security update for ntp (important)
2016-05-17 15:09:17
Security update for yast2-ntp-client (important)
2016-08-17 21:08:25
gentoo
gentoo
NTP: Multiple vulnerabilities
2016-07-20 00:00:00
ics
ics
Rockwell Automation Stratix 5900
2017-05-10 12:00:00

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

55.8%

JSON
Related for CVE-2015-7851
f52ubuntucve1nvd1talos1cvelist1nessus13prion1debiancve1ibm4freebsd_advisory1openvas11freebsd1arista1archlinux1cisco1debian1osv2slackware1symantec1suse4gentoo1ics1