ID

VAR-200101-0071


CVE

CVE-2000-1097


TITLE

SonicWALL SOHO Service denial vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200101-095

DESCRIPTION

The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page. SonicWALL SOHO provides a secure internet connection for a network. SonicWALL SOHO is subject to a denial of service. This has been verified to last for up to 30 seconds until functionality resumes, although a restart of the service may be required in order to gain normal functionality. In addition, it has been verified that this vulnerability is exploitable by way of various malformed HTTP requests. This vulnerability may be the result of a buffer overflow, although not verified this could lead to the execution of arbitrary code on the target host. There is a vulnerability in the web server of the SonicWALL SOHO firewall

Trust: 1.26

sources: NVD: CVE-2000-1097 // BID: 2013 // VULHUB: VHN-2665

AFFECTED PRODUCTS

vendor:sonicwallmodel:soho firewallscope:eqversion:5.0.0

Trust: 1.6

vendor:sonicwallmodel:soho firewallscope:eqversion:4.0.0

Trust: 1.6

vendor:sonicwallmodel:sohoscope:eqversion:5.0.0

Trust: 0.3

vendor:sonicwallmodel:sohoscope:eqversion:4.0.0

Trust: 0.3

sources: BID: 2013 // CNNVD: CNNVD-200101-095 // NVD: CVE-2000-1097

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2000-1097
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200101-095
value: MEDIUM

Trust: 0.6

VULHUB: VHN-2665
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2000-1097
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-2665
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-2665 // CNNVD: CNNVD-200101-095 // NVD: CVE-2000-1097

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-1097

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200101-095

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200101-095

EXTERNAL IDS

db:BIDid:2013

Trust: 2.0

db:OSVDBid:1667

Trust: 1.7

db:NVDid:CVE-2000-1097

Trust: 1.7

db:CNNVDid:CNNVD-200101-095

Trust: 0.7

db:BUGTRAQid:20001201 FW: SONICWALL SOHO VULNERABILITY (FWD)

Trust: 0.6

db:BUGTRAQid:20001129 DOS IN SONICWALL SOHO FIREWALL

Trust: 0.6

db:XFid:5596

Trust: 0.6

db:VULHUBid:VHN-2665

Trust: 0.1

sources: VULHUB: VHN-2665 // BID: 2013 // CNNVD: CNNVD-200101-095 // NVD: CVE-2000-1097

REFERENCES

url:http://www.securityfocus.com/bid/2013

Trust: 1.7

url:http://archives.neohapsis.com/archives/bugtraq/2000-11/0406.html

Trust: 1.7

url:http://archives.neohapsis.com/archives/bugtraq/2000-11/0435.html

Trust: 1.7

url:http://www.osvdb.org/1667

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/5596

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/5596

Trust: 0.6

url:http://www.sonicwall.com

Trust: 0.3

sources: VULHUB: VHN-2665 // BID: 2013 // CNNVD: CNNVD-200101-095 // NVD: CVE-2000-1097

CREDITS

Discovered and posted to Bugtraq by Raptor <raptor@0xdeadbeef.eu.org> on Nov 29, 2000.

Trust: 0.3

sources: BID: 2013

SOURCES

db:VULHUBid:VHN-2665
db:BIDid:2013
db:CNNVDid:CNNVD-200101-095
db:NVDid:CVE-2000-1097

LAST UPDATE DATE

2024-08-14T14:16:22.932000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-2665date:2017-10-10T00:00:00
db:BIDid:2013date:2000-11-29T00:00:00
db:CNNVDid:CNNVD-200101-095date:2005-05-02T00:00:00
db:NVDid:CVE-2000-1097date:2017-10-10T01:29:29.107

SOURCES RELEASE DATE

db:VULHUBid:VHN-2665date:2001-01-09T00:00:00
db:BIDid:2013date:2000-11-29T00:00:00
db:CNNVDid:CNNVD-200101-095date:2001-01-09T00:00:00
db:NVDid:CVE-2000-1097date:2001-01-09T05:00:00