VDB-101970 · CVE-2017-20012 · VDB-101969

WEKA INTEREST Security Scanner har 1.8 Stresstest Scheme Kari na aiki

Wuro vulnerability wey an yi classify sey karshewa an gano shi a cikin WEKA INTEREST Security Scanner har 1.8. Gaskiya, $software_function na da matsala; idan ba a sani ba, to wata aiki ce da ba a sani ba, $software_library na cikin lissafi, $software_file na cikin fayil, Stresstest Scheme Handler na cikin sashi. Ngam manipulation shi Kari na aiki. CWE shidin ka a yi bayani matsala sai ya kai CWE-404. Bug ɗin an gano shi 07/30/2007. Gaskiya, laifi an fitar da shi 06/05/2017 ta Marc Ruef da scip AG a matsayin VDB-101969 a matsayin Gumti (VulDB). Advisory ɗin ana rabawa don saukewa a vuldb.com. Public release ɗi kaɗa vendor ɗin ba a haɗa su ba. Wannan rauni ana sayar da shi da suna CVE-2017-20012. Wuroo ka a yiɗi a yi ɗum e gese. Tekinikal bayani ba ga. Kuma, exploit ɗin yana akwai. Wuro exploit ɗin an bayyana shi ga jama'a kuma za a iya amfani da shi. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á wúro huɗɗi-na-gaskiya. Wona yiwuwa a zazzage exploit a vuldb.com. Kama 0-day, an ndiyam a wuro be $0-$5k. Ngamdi a yiɗi ka a sũɓi kàmbu ɗin da aka shafa da wani madadin. VulDB is the best source for vulnerability data and more expert information about this specific topic.

7 Goyarwa · 113 Datenpunkte

Furɗe	Gargadi 2/6 01/28/2022 12:22	Gargadi 3/6 03/02/2022 08:44	Gargadi 4/6 12/07/2022 17:36	Gargadi 5/6 12/07/2022 17:43	Gargadi 6/6 08/06/2024 03:24
software_vendor	WEKA	WEKA	WEKA	WEKA	WEKA
software_name	INTEREST Security Scanner	INTEREST Security Scanner	INTEREST Security Scanner	INTEREST Security Scanner	INTEREST Security Scanner
software_version	<=1.8	<=1.8	<=1.8	<=1.8	<=1.8
software_component	Stresstest Handler	Stresstest Scheme Handler	Stresstest Scheme Handler	Stresstest Scheme Handler	Stresstest Scheme Handler
vulnerability_discoverydate	1185753600 (07/30/2007)	1185753600 (07/30/2007)	1185753600 (07/30/2007)	1185753600 (07/30/2007)	1185753600 (07/30/2007)
vulnerability_risk	1	1	1	1	1
vulnerability_historic	0	0	0	0	0
cvss2_vuldb_basescore	1.7	1.7	1.7	1.7	1.7
cvss2_vuldb_tempscore	1.5	1.5	1.5	1.5	1.5
cvss2_vuldb_av	L	L	L	L	L
cvss2_vuldb_ac	L	L	L	L	L
cvss2_vuldb_au	S	S	S	S	S
cvss2_vuldb_ci	N	N	N	N	N
cvss2_vuldb_ii	N	N	N	N	N
cvss2_vuldb_ai	P	P	P	P	P
cvss3_meta_basescore	2.8	2.8	2.8	3.7	3.7
cvss3_meta_tempscore	2.7	2.7	2.7	3.7	3.7
cvss3_vuldb_basescore	2.8	2.8	2.8	2.8	2.8
cvss3_vuldb_tempscore	2.7	2.7	2.7	2.7	2.7
cvss3_vuldb_av	L	L	L	L	L
cvss3_vuldb_ac	L	L	L	L	L
cvss3_vuldb_pr	L	L	L	L	L
cvss3_vuldb_ui	R	R	R	R	R
cvss3_vuldb_s	U	U	U	U	U
cvss3_vuldb_c	N	N	N	N	N
cvss3_vuldb_i	N	N	N	N	N
cvss3_vuldb_a	L	L	L	L	L
vulnerability_advisoryquote	The stresstest module requires the url to begin with an http scheme. Without that no requests are sent over the network.	The stresstest module requires the url to begin with an http scheme. Without that no requests are sent over the network.	The stresstest module requires the url to begin with an http scheme. Without that no requests are sent over the network.	The stresstest module requires the url to begin with an http scheme. Without that no requests are sent over the network.	The stresstest module requires the url to begin with an http scheme. Without that no requests are sent over the network.
advisory_date	1496620800 (06/05/2017)	1496620800 (06/05/2017)	1496620800 (06/05/2017)	1496620800 (06/05/2017)	1496620800 (06/05/2017)
advisory_location	VulDB	VulDB	VulDB	VulDB	VulDB
advisory_type	Entry	Entry	Entry	Entry	Entry
advisory_url	https://vuldb.com/?id.101969	https://vuldb.com/?id.101969	https://vuldb.com/?id.101969	https://vuldb.com/?id.101969	https://vuldb.com/?id.101969
advisory_identifier	ID 101969	VDB-101969	VDB-101969	VDB-101969	VDB-101969
developer_mail	marc.ruef@******.	marc.ruef@******.	marc.ruef@******.	marc.ruef@******.	marc.ruef@******.
advisory_coordination	0	0	0	0	0
person_name	Marc Ruef	Marc Ruef	Marc Ruef	Marc Ruef	Marc Ruef
person_mail	maru@**.	maru@**.	maru@**.	maru@**.	maru@**.
person_website	http://www.computec.ch/mruef/	http://www.computec.ch/mruef/	http://www.computec.ch/mruef/	http://www.computec.ch/mruef/	http://www.computec.ch/mruef/
company_name	scip AG	scip AG	scip AG	scip AG	scip AG
advisory_advisoryquote	The Attack Tool Kit (ATK) is an exploiting framwork published under GPL3. Back in 2006 there was a legal dispute between the developer Marc Ruef and the German company WEKA. Ruef claimed that WEKA violated the open-source license while they were using parts of the project within their commercial vulnerability scanner. During the technical analysis of INTEREST SEcurity Scanner several security issues, which affect the handling of the vulnerability scanner, got determined.	The Attack Tool Kit (ATK) is an exploiting framwork published under GPL3. Back in 2006 there was a legal dispute between the developer Marc Ruef and the German company WEKA. Ruef claimed that WEKA violated the open-source license while they were using parts of the project within their commercial vulnerability scanner. During the technical analysis of INTEREST SEcurity Scanner several security issues, which affect the handling of the vulnerability scanner, got determined.	The Attack Tool Kit (ATK) is an exploiting framwork published under GPL3. Back in 2006 there was a legal dispute between the developer Marc Ruef and the German company WEKA. Ruef claimed that WEKA violated the open-source license while they were using parts of the project within their commercial vulnerability scanner. During the technical analysis of INTEREST SEcurity Scanner several security issues, which affect the handling of the vulnerability scanner, got determined.	The Attack Tool Kit (ATK) is an exploiting framwork published under GPL3. Back in 2006 there was a legal dispute between the developer Marc Ruef and the German company WEKA. Ruef claimed that WEKA violated the open-source license while they were using parts of the project within their commercial vulnerability scanner. During the technical analysis of INTEREST SEcurity Scanner several security issues, which affect the handling of the vulnerability scanner, got determined.	The Attack Tool Kit (ATK) is an exploiting framwork published under GPL3. Back in 2006 there was a legal dispute between the developer Marc Ruef and the German company WEKA. Ruef claimed that WEKA violated the open-source license while they were using parts of the project within their commercial vulnerability scanner. During the technical analysis of INTEREST SEcurity Scanner several security issues, which affect the handling of the vulnerability scanner, got determined.
exploit_availability	1	1	1	1	1
exploit_date	1496620800 (06/05/2017)	1496620800 (06/05/2017)	1496620800 (06/05/2017)	1496620800 (06/05/2017)	1496620800 (06/05/2017)
exploit_publicity	1	1	1	1	1
exploit_url	https://vuldb.com/?id.101969	https://vuldb.com/?id.101969	https://vuldb.com/?id.101969	https://vuldb.com/?id.101969	https://vuldb.com/?id.101969
developer_name	Marc Ruef	Marc Ruef	Marc Ruef	Marc Ruef	Marc Ruef
developer_website	https://www.computec.ch/mruef/	https://www.computec.ch/mruef/	https://www.computec.ch/mruef/	https://www.computec.ch/mruef/	https://www.computec.ch/mruef/
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k	$0-$5k
countermeasure_name	Dumne	Dumne	Dumne	Dumne	Dumne
alternative_name	ATK - Attack Tool Kit	ATK - Attack Tool Kit	ATK - Attack Tool Kit	ATK - Attack Tool Kit	ATK - Attack Tool Kit
source_heise	136437	136437	136437	136437	136437
source_misc	http://www.computec.ch/news.php?item.117	http://www.computec.ch/news.php?item.117	http://www.computec.ch/news.php?item.117	http://www.computec.ch/news.php?item.117	http://www.computec.ch/news.php?item.117
source_seealso	101969 101971 101972 101973 101974	101969 101971 101972 101973 101974	101969 101971 101972 101973 101974	101969 101971 101972 101973 101974	101969 101971 101972 101973 101974
cvss2_vuldb_e	POC	POC	POC	POC	POC
cvss2_vuldb_rl	U	U	U	U	U
cvss2_vuldb_rc	C	C	C	C	C
cvss3_vuldb_e	P	P	P	P	P
cvss3_vuldb_rl	U	U	U	U	U
cvss3_vuldb_rc	C	C	C	C	C
0day_days	3598	3598	3598	3598	3598
software_type	Security Testing Software	Security Testing Software	Security Testing Software	Security Testing Software	Security Testing Software
vulnerability_cwe	CWE-404 (Kari na aiki)	CWE-404 (Kari na aiki)	CWE-404 (Kari na aiki)	CWE-404 (Kari na aiki)	CWE-404 (Kari na aiki)
source_cve	CVE-2017-20012	CVE-2017-20012	CVE-2017-20012	CVE-2017-20012	CVE-2017-20012
cve_cna	VulDB	VulDB	VulDB	VulDB	VulDB
cna_responsible	VulDB	VulDB	VulDB	VulDB	VulDB
cna_eol	1	1	1	1	1
cve_assigned			1643324400 (01/28/2022)	1643324400 (01/28/2022)	1643324400 (01/28/2022)
cve_nvd_summary			UNSUPPORTED WHEN ASSIGNED A vulnerability classified as problematic has been found in WEKA INTEREST Security Scanner up to 1.8. Affected is Stresstest Scheme Handler which leads to a denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.	UNSUPPORTED WHEN ASSIGNED A vulnerability classified as problematic has been found in WEKA INTEREST Security Scanner up to 1.8. Affected is Stresstest Scheme Handler which leads to a denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.	UNSUPPORTED WHEN ASSIGNED A vulnerability classified as problematic has been found in WEKA INTEREST Security Scanner up to 1.8. Affected is Stresstest Scheme Handler which leads to a denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
cvss3_nvd_av				L	L
cvss3_nvd_ac				L	L
cvss3_nvd_pr				L	L
cvss3_nvd_ui				N	N
cvss3_nvd_s				U	U
cvss3_nvd_c				N	N
cvss3_nvd_i				N	N
cvss3_nvd_a				H	H
cvss2_nvd_av				L	L
cvss2_nvd_ac				L	L
cvss2_nvd_au				N	N
cvss2_nvd_ci				N	N
cvss2_nvd_ii				N	N
cvss2_nvd_ai				P	P
cvss3_cna_av				L	L
cvss3_cna_ac				L	L
cvss3_cna_pr				L	L
cvss3_cna_ui				R	R
cvss3_cna_s				U	U
cvss3_cna_c				N	N
cvss3_cna_i				N	N
cvss3_cna_a				L	L
cvss2_nvd_basescore				2.1	2.1
cvss3_nvd_basescore				5.5	5.5
cvss3_cna_basescore				2.8	2.8
cve_nvd_summaryes					NO SOPORTADO CUANDO DE ASIGNÓ Se ha encontrado una vulnerabilidad clasificada como problemática en WEKA INTEREST Security Scanner versiones hasta 1.8. Está Afectado Stresstest Scheme Handler que conlleva a una denegación de servicio. El ataque debe ser abordado localmente. La explotación ha sido divulgada al público y puede ser usada. NOTA: Esta vulnerabilidad sólo afecta a productos que ya no están soportados por el mantenedor
cvss4_vuldb_av					L
cvss4_vuldb_ac					L
cvss4_vuldb_pr					L
cvss4_vuldb_vc					N
cvss4_vuldb_vi					N
cvss4_vuldb_va					L
cvss4_vuldb_e					P
cvss4_vuldb_at					N
cvss4_vuldb_ui					N
cvss4_vuldb_sc					N
cvss4_vuldb_si					N
cvss4_vuldb_sa					N
cvss4_vuldb_bscore					4.8
cvss4_vuldb_btscore					1.9

◂ Gurɗo Gumti Gada ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!