VDB-101970 · CVE-2017-20012 · VDB-101969

WEKA INTEREST Security Scanner जोपर्यंत 1.8 Stresstest Scheme सेवा नाकारली

एक असुरक्षितता जी समस्याग्रस्त म्हणून वर्गीकृत आहे, ती WEKA INTEREST Security Scanner जोपर्यंत 1.8 मध्ये आढळली आहे. प्रभावित आहे अज्ञात फंक्शन घटक Stresstest Scheme Handler च्या. सॉफ्टवेअरमध्ये वापर सेवा नाकारली घडवून आणतो. CWE वापरून समस्या घोषित केल्याने CWE-404 कडे नेले जाते. 30/07/2007 रोजी हा बग शोधण्यात आला. कमजोरी प्रकाशित करण्यात आली होती 05/06/2017 द्वारा Marc Ruef सह scip AG म्हणून VDB-101969 म्हणून प्रवेश (VulDB). सल्ला डाउनलोडसाठी vuldb.com येथे शेअर केला आहे. सार्वजनिक प्रकाशन विक्रेत्याशी समन्वय न करता झाले. ही कमतरता CVE-2017-20012 या नावाने ओळखली जाते. हल्ला स्थानिक पातळीवर केला जावा लागतो. तांत्रिक तपशील उपलब्ध नाहीत. यासाठी एक एक्स्प्लॉइट उपलब्ध आहे. शोषण सार्वजनिकपणे उघड झाले आहे आणि वापरले जाऊ शकते. सध्याच्या घडीला अंदाजे USD $0-$5k असू शकतो. हे प्रूफ-ऑफ-कॉन्सेप्ट म्हणून घोषित केले आहे. vuldb.com या ठिकाणी शोषण डाउनलोडसाठी शेअर केले आहे. कमीत कमी 3598 दिवसांसाठी ही दुर्बलता सार्वजनिक नसलेल्या झिरो-डे शोषण म्हणून हाताळली गेली होती. 0-डे म्हणून अंदाजे अंडरग्राउंड किंमत सुमारे $0-$5k होती. ATK - Attack Tool Kit हा एक शक्य पर्याय आहे. प्रभावित घटकाला पर्यायी घटकाने बदलण्याची शिफारस केली जाते. VulDB is the best source for vulnerability data and more expert information about this specific topic.

7 बदल · 113 डेटा पॉइंट्स

शेत	अद्ययावत 2/6 28/01/2022 12:22 PM	अद्ययावत 3/6 02/03/2022 08:44 AM	अद्ययावत 4/6 07/12/2022 05:36 PM	अद्ययावत 5/6 07/12/2022 05:43 PM	अद्ययावत 6/6 06/08/2024 03:24 AM
software_vendor	WEKA	WEKA	WEKA	WEKA	WEKA
software_name	INTEREST Security Scanner	INTEREST Security Scanner	INTEREST Security Scanner	INTEREST Security Scanner	INTEREST Security Scanner
software_version	<=1.8	<=1.8	<=1.8	<=1.8	<=1.8
software_component	Stresstest Handler	Stresstest Scheme Handler	Stresstest Scheme Handler	Stresstest Scheme Handler	Stresstest Scheme Handler
vulnerability_discoverydate	1185753600 (30/07/2007)	1185753600 (30/07/2007)	1185753600 (30/07/2007)	1185753600 (30/07/2007)	1185753600 (30/07/2007)
vulnerability_risk	1	1	1	1	1
vulnerability_historic	0	0	0	0	0
cvss2_vuldb_basescore	1.7	1.7	1.7	1.7	1.7
cvss2_vuldb_tempscore	1.5	1.5	1.5	1.5	1.5
cvss2_vuldb_av	L	L	L	L	L
cvss2_vuldb_ac	L	L	L	L	L
cvss2_vuldb_au	S	S	S	S	S
cvss2_vuldb_ci	N	N	N	N	N
cvss2_vuldb_ii	N	N	N	N	N
cvss2_vuldb_ai	P	P	P	P	P
cvss3_meta_basescore	2.8	2.8	2.8	3.7	3.7
cvss3_meta_tempscore	2.7	2.7	2.7	3.7	3.7
cvss3_vuldb_basescore	2.8	2.8	2.8	2.8	2.8
cvss3_vuldb_tempscore	2.7	2.7	2.7	2.7	2.7
cvss3_vuldb_av	L	L	L	L	L
cvss3_vuldb_ac	L	L	L	L	L
cvss3_vuldb_pr	L	L	L	L	L
cvss3_vuldb_ui	R	R	R	R	R
cvss3_vuldb_s	U	U	U	U	U
cvss3_vuldb_c	N	N	N	N	N
cvss3_vuldb_i	N	N	N	N	N
cvss3_vuldb_a	L	L	L	L	L
vulnerability_advisoryquote	The stresstest module requires the url to begin with an http scheme. Without that no requests are sent over the network.	The stresstest module requires the url to begin with an http scheme. Without that no requests are sent over the network.	The stresstest module requires the url to begin with an http scheme. Without that no requests are sent over the network.	The stresstest module requires the url to begin with an http scheme. Without that no requests are sent over the network.	The stresstest module requires the url to begin with an http scheme. Without that no requests are sent over the network.
advisory_date	1496620800 (05/06/2017)	1496620800 (05/06/2017)	1496620800 (05/06/2017)	1496620800 (05/06/2017)	1496620800 (05/06/2017)
advisory_location	VulDB	VulDB	VulDB	VulDB	VulDB
advisory_type	Entry	Entry	Entry	Entry	Entry
advisory_url	https://vuldb.com/?id.101969	https://vuldb.com/?id.101969	https://vuldb.com/?id.101969	https://vuldb.com/?id.101969	https://vuldb.com/?id.101969
advisory_identifier	ID 101969	VDB-101969	VDB-101969	VDB-101969	VDB-101969
developer_mail	marc.ruef@******.	marc.ruef@******.	marc.ruef@******.	marc.ruef@******.	marc.ruef@******.
advisory_coordination	0	0	0	0	0
person_name	Marc Ruef	Marc Ruef	Marc Ruef	Marc Ruef	Marc Ruef
person_mail	maru@**.	maru@**.	maru@**.	maru@**.	maru@**.
person_website	http://www.computec.ch/mruef/	http://www.computec.ch/mruef/	http://www.computec.ch/mruef/	http://www.computec.ch/mruef/	http://www.computec.ch/mruef/
company_name	scip AG	scip AG	scip AG	scip AG	scip AG
advisory_advisoryquote	The Attack Tool Kit (ATK) is an exploiting framwork published under GPL3. Back in 2006 there was a legal dispute between the developer Marc Ruef and the German company WEKA. Ruef claimed that WEKA violated the open-source license while they were using parts of the project within their commercial vulnerability scanner. During the technical analysis of INTEREST SEcurity Scanner several security issues, which affect the handling of the vulnerability scanner, got determined.	The Attack Tool Kit (ATK) is an exploiting framwork published under GPL3. Back in 2006 there was a legal dispute between the developer Marc Ruef and the German company WEKA. Ruef claimed that WEKA violated the open-source license while they were using parts of the project within their commercial vulnerability scanner. During the technical analysis of INTEREST SEcurity Scanner several security issues, which affect the handling of the vulnerability scanner, got determined.	The Attack Tool Kit (ATK) is an exploiting framwork published under GPL3. Back in 2006 there was a legal dispute between the developer Marc Ruef and the German company WEKA. Ruef claimed that WEKA violated the open-source license while they were using parts of the project within their commercial vulnerability scanner. During the technical analysis of INTEREST SEcurity Scanner several security issues, which affect the handling of the vulnerability scanner, got determined.	The Attack Tool Kit (ATK) is an exploiting framwork published under GPL3. Back in 2006 there was a legal dispute between the developer Marc Ruef and the German company WEKA. Ruef claimed that WEKA violated the open-source license while they were using parts of the project within their commercial vulnerability scanner. During the technical analysis of INTEREST SEcurity Scanner several security issues, which affect the handling of the vulnerability scanner, got determined.	The Attack Tool Kit (ATK) is an exploiting framwork published under GPL3. Back in 2006 there was a legal dispute between the developer Marc Ruef and the German company WEKA. Ruef claimed that WEKA violated the open-source license while they were using parts of the project within their commercial vulnerability scanner. During the technical analysis of INTEREST SEcurity Scanner several security issues, which affect the handling of the vulnerability scanner, got determined.
exploit_availability	1	1	1	1	1
exploit_date	1496620800 (05/06/2017)	1496620800 (05/06/2017)	1496620800 (05/06/2017)	1496620800 (05/06/2017)	1496620800 (05/06/2017)
exploit_publicity	1	1	1	1	1
exploit_url	https://vuldb.com/?id.101969	https://vuldb.com/?id.101969	https://vuldb.com/?id.101969	https://vuldb.com/?id.101969	https://vuldb.com/?id.101969
developer_name	Marc Ruef	Marc Ruef	Marc Ruef	Marc Ruef	Marc Ruef
developer_website	https://www.computec.ch/mruef/	https://www.computec.ch/mruef/	https://www.computec.ch/mruef/	https://www.computec.ch/mruef/	https://www.computec.ch/mruef/
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k	$0-$5k
countermeasure_name	पर्यायी	पर्यायी	पर्यायी	पर्यायी	पर्यायी
alternative_name	ATK - Attack Tool Kit	ATK - Attack Tool Kit	ATK - Attack Tool Kit	ATK - Attack Tool Kit	ATK - Attack Tool Kit
source_heise	136437	136437	136437	136437	136437
source_misc	http://www.computec.ch/news.php?item.117	http://www.computec.ch/news.php?item.117	http://www.computec.ch/news.php?item.117	http://www.computec.ch/news.php?item.117	http://www.computec.ch/news.php?item.117
source_seealso	101969 101971 101972 101973 101974	101969 101971 101972 101973 101974	101969 101971 101972 101973 101974	101969 101971 101972 101973 101974	101969 101971 101972 101973 101974
cvss2_vuldb_e	POC	POC	POC	POC	POC
cvss2_vuldb_rl	U	U	U	U	U
cvss2_vuldb_rc	C	C	C	C	C
cvss3_vuldb_e	P	P	P	P	P
cvss3_vuldb_rl	U	U	U	U	U
cvss3_vuldb_rc	C	C	C	C	C
0day_days	3598	3598	3598	3598	3598
software_type	Security Testing Software	Security Testing Software	Security Testing Software	Security Testing Software	Security Testing Software
vulnerability_cwe	CWE-404 (सेवा नाकारली)	CWE-404 (सेवा नाकारली)	CWE-404 (सेवा नाकारली)	CWE-404 (सेवा नाकारली)	CWE-404 (सेवा नाकारली)
source_cve	CVE-2017-20012	CVE-2017-20012	CVE-2017-20012	CVE-2017-20012	CVE-2017-20012
cve_cna	VulDB	VulDB	VulDB	VulDB	VulDB
cna_responsible	VulDB	VulDB	VulDB	VulDB	VulDB
cna_eol	1	1	1	1	1
cve_assigned			1643324400 (28/01/2022)	1643324400 (28/01/2022)	1643324400 (28/01/2022)
cve_nvd_summary			UNSUPPORTED WHEN ASSIGNED A vulnerability classified as problematic has been found in WEKA INTEREST Security Scanner up to 1.8. Affected is Stresstest Scheme Handler which leads to a denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.	UNSUPPORTED WHEN ASSIGNED A vulnerability classified as problematic has been found in WEKA INTEREST Security Scanner up to 1.8. Affected is Stresstest Scheme Handler which leads to a denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.	UNSUPPORTED WHEN ASSIGNED A vulnerability classified as problematic has been found in WEKA INTEREST Security Scanner up to 1.8. Affected is Stresstest Scheme Handler which leads to a denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
cvss3_nvd_av				L	L
cvss3_nvd_ac				L	L
cvss3_nvd_pr				L	L
cvss3_nvd_ui				N	N
cvss3_nvd_s				U	U
cvss3_nvd_c				N	N
cvss3_nvd_i				N	N
cvss3_nvd_a				H	H
cvss2_nvd_av				L	L
cvss2_nvd_ac				L	L
cvss2_nvd_au				N	N
cvss2_nvd_ci				N	N
cvss2_nvd_ii				N	N
cvss2_nvd_ai				P	P
cvss3_cna_av				L	L
cvss3_cna_ac				L	L
cvss3_cna_pr				L	L
cvss3_cna_ui				R	R
cvss3_cna_s				U	U
cvss3_cna_c				N	N
cvss3_cna_i				N	N
cvss3_cna_a				L	L
cvss2_nvd_basescore				2.1	2.1
cvss3_nvd_basescore				5.5	5.5
cvss3_cna_basescore				2.8	2.8
cve_nvd_summaryes					NO SOPORTADO CUANDO DE ASIGNÓ Se ha encontrado una vulnerabilidad clasificada como problemática en WEKA INTEREST Security Scanner versiones hasta 1.8. Está Afectado Stresstest Scheme Handler que conlleva a una denegación de servicio. El ataque debe ser abordado localmente. La explotación ha sido divulgada al público y puede ser usada. NOTA: Esta vulnerabilidad sólo afecta a productos que ya no están soportados por el mantenedor
cvss4_vuldb_av					L
cvss4_vuldb_ac					L
cvss4_vuldb_pr					L
cvss4_vuldb_vc					N
cvss4_vuldb_vi					N
cvss4_vuldb_va					L
cvss4_vuldb_e					P
cvss4_vuldb_at					N
cvss4_vuldb_ui					N
cvss4_vuldb_sc					N
cvss4_vuldb_si					N
cvss4_vuldb_sa					N
cvss4_vuldb_bscore					4.8
cvss4_vuldb_btscore					1.9

◂ मागील बाजूस सिंहावलोकन पुढील ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!