Details of VAR-199908-0059

ID

VAR-199908-0059

CVE

CVE-1999-1515

TITLE

TFS Gateway 4.0 Denial of Service Vulnerability

Trust: 0.9

sources: BID: 613 // CNNVD: CNNVD-199908-060

DESCRIPTION

A non-default configuration in TenFour TFS Gateway 4.0 allows an attacker to cause a denial of service via messages with incorrect sender and recipient addresses, which causes the gateway to continuously try to return the message every 10 seconds. TFS Gateway 4.0, when configured in a specific non-default manner, is vulnerable to a remotely exploitable denial of service attack. If enough emails of sufficient size of this nature are sent it can lead to a degradation or denial of service. Vulnerabilities exist in non-default configurations in TenFour TFS Gateway version 4.0. The vulnerability caused the gateway to keep trying to return information every 10 seconds

Trust: 1.26

sources: NVD: CVE-1999-1515 // BID: 613 // VULHUB: VHN-1496

AFFECTED PRODUCTS

vendor:	tenfour	model:	tfs gateway	scope:	eq	version:	4.0	Trust: 1.6
vendor:	tfs	model:	gateway	scope:	eq	version:	4.0	Trust: 0.3
vendor:	tfs	model:	gateway build	scope:	ne	version:	4.0219	Trust: 0.3

sources: BID: 613 // CNNVD: CNNVD-199908-060 // NVD: CVE-1999-1515

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-1999-1515
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-199908-060
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-1496
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-1999-1515
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-1496
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-1496 // CNNVD: CNNVD-199908-060 // NVD: CVE-1999-1515

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-1515

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199908-060

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-199908-060

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-1496

EXTERNAL IDS

db:	NVD	id:	CVE-1999-1515	Trust: 2.0
db:	BID	id:	613	Trust: 2.0
db:	CNNVD	id:	CNNVD-199908-060	Trust: 0.7
db:	XF	id:	3290	Trust: 0.6
db:	EXPLOIT-DB	id:	19477	Trust: 0.1
db:	VULHUB	id:	VHN-1496	Trust: 0.1

sources: VULHUB: VHN-1496 // BID: 613 // CNNVD: CNNVD-199908-060 // NVD: CVE-1999-1515

REFERENCES

url:	http://www.securityfocus.com/bid/613	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/3290	Trust: 1.1
url:	http://xforce.iss.net/static/3290.php	Trust: 0.6
url:	http://www.tenfour.se	Trust: 0.3

sources: VULHUB: VHN-1496 // BID: 613 // CNNVD: CNNVD-199908-060 // NVD: CVE-1999-1515

CREDITS

The credit for this vulnerability being exposed goes to "FableMan / Noxidus / #HACK on IRC-Net". The information was emailed to Security Focus on August 30, 1999.

Trust: 0.9

sources: BID: 613 // CNNVD: CNNVD-199908-060

SOURCES

db:	VULHUB	id:	VHN-1496
db:	BID	id:	613
db:	CNNVD	id:	CNNVD-199908-060
db:	NVD	id:	CVE-1999-1515

LAST UPDATE DATE

2024-08-14T14:09:18.141000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-1496	date:	2017-12-19T00:00:00
db:	BID	id:	613	date:	2009-07-11T00:56:00
db:	CNNVD	id:	CNNVD-199908-060	date:	2006-09-05T00:00:00
db:	NVD	id:	CVE-1999-1515	date:	2017-12-19T02:29:09.377

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-1496	date:	1999-08-31T00:00:00
db:	BID	id:	613	date:	1999-08-31T00:00:00
db:	CNNVD	id:	CNNVD-199908-060	date:	1999-08-31T00:00:00
db:	NVD	id:	CVE-1999-1515	date:	1999-08-31T04:00:00