Details of VAR-200101-0071

ID

VAR-200101-0071

CVE

CVE-2000-1097

TITLE

SonicWALL SOHO Service denial vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200101-095

DESCRIPTION

The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page. SonicWALL SOHO provides a secure internet connection for a network. SonicWALL SOHO is subject to a denial of service. This has been verified to last for up to 30 seconds until functionality resumes, although a restart of the service may be required in order to gain normal functionality. In addition, it has been verified that this vulnerability is exploitable by way of various malformed HTTP requests. This vulnerability may be the result of a buffer overflow, although not verified this could lead to the execution of arbitrary code on the target host. There is a vulnerability in the web server of the SonicWALL SOHO firewall

Trust: 1.26

sources: NVD: CVE-2000-1097 // BID: 2013 // VULHUB: VHN-2665

AFFECTED PRODUCTS

vendor:	sonicwall	model:	soho firewall	scope:	eq	version:	5.0.0	Trust: 1.6
vendor:	sonicwall	model:	soho firewall	scope:	eq	version:	4.0.0	Trust: 1.6
vendor:	sonicwall	model:	soho	scope:	eq	version:	5.0.0	Trust: 0.3
vendor:	sonicwall	model:	soho	scope:	eq	version:	4.0.0	Trust: 0.3

sources: BID: 2013 // CNNVD: CNNVD-200101-095 // NVD: CVE-2000-1097

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2000-1097
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200101-095
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-2665
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2000-1097
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-2665
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-2665 // CNNVD: CNNVD-200101-095 // NVD: CVE-2000-1097

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-1097

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200101-095

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200101-095

EXTERNAL IDS

db:	BID	id:	2013	Trust: 2.0
db:	OSVDB	id:	1667	Trust: 1.7
db:	NVD	id:	CVE-2000-1097	Trust: 1.7
db:	CNNVD	id:	CNNVD-200101-095	Trust: 0.7
db:	BUGTRAQ	id:	20001201 FW: SONICWALL SOHO VULNERABILITY (FWD)	Trust: 0.6
db:	BUGTRAQ	id:	20001129 DOS IN SONICWALL SOHO FIREWALL	Trust: 0.6
db:	XF	id:	5596	Trust: 0.6
db:	VULHUB	id:	VHN-2665	Trust: 0.1

sources: VULHUB: VHN-2665 // BID: 2013 // CNNVD: CNNVD-200101-095 // NVD: CVE-2000-1097

REFERENCES

url:	http://www.securityfocus.com/bid/2013	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2000-11/0406.html	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2000-11/0435.html	Trust: 1.7
url:	http://www.osvdb.org/1667	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/5596	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/5596	Trust: 0.6
url:	http://www.sonicwall.com	Trust: 0.3

sources: VULHUB: VHN-2665 // BID: 2013 // CNNVD: CNNVD-200101-095 // NVD: CVE-2000-1097

CREDITS

Discovered and posted to Bugtraq by Raptor <raptor@0xdeadbeef.eu.org> on Nov 29, 2000.

Trust: 0.3

sources: BID: 2013

SOURCES

db:	VULHUB	id:	VHN-2665
db:	BID	id:	2013
db:	CNNVD	id:	CNNVD-200101-095
db:	NVD	id:	CVE-2000-1097

LAST UPDATE DATE

2024-08-14T14:16:22.932000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-2665	date:	2017-10-10T00:00:00
db:	BID	id:	2013	date:	2000-11-29T00:00:00
db:	CNNVD	id:	CNNVD-200101-095	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2000-1097	date:	2017-10-10T01:29:29.107

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-2665	date:	2001-01-09T00:00:00
db:	BID	id:	2013	date:	2000-11-29T00:00:00
db:	CNNVD	id:	CNNVD-200101-095	date:	2001-01-09T00:00:00
db:	NVD	id:	CVE-2000-1097	date:	2001-01-09T05:00:00