ID

VAR-200102-0006


CVE

CVE-2000-0895


TITLE

Watchguard SOHO Firewall is too large GET request DoS Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200102-074

DESCRIPTION

Buffer overflow in HTTP server on the WatchGuard SOHO firewall allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long GET request. SOHO Firewall is an appliance firewall by Watchguard Technologies Inc. designed for Small Office/Home Office users. SOHO Firewall is susceptible to a trivial denial of service attack. Restarting the service is required in order to regain normal functionality. Watchguard has confirmed that this vulnerability could not be implemented to launch arbitrary code. Successful exploitation of this vulnerability could assist in the development of further attacks due to the elimination of a firewall defense

Trust: 1.26

sources: NVD: CVE-2000-0895 // BID: 2114 // VULHUB: VHN-2465

AFFECTED PRODUCTS

vendor:watchguardmodel:soho firewallscope:eqversion:2.1.3

Trust: 1.9

vendor:watchguardmodel:soho firewallscope:eqversion:1.6

Trust: 1.9

vendor:watchguardmodel:soho firewallscope:neversion:2.2.1

Trust: 0.3

sources: BID: 2114 // CNNVD: CNNVD-200102-074 // NVD: CVE-2000-0895

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2000-0895
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200102-074
value: CRITICAL

Trust: 0.6

VULHUB: VHN-2465
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2000-0895
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-2465
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-2465 // CNNVD: CNNVD-200102-074 // NVD: CVE-2000-0895

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0895

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200102-074

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200102-074

EXTERNAL IDS

db:NVDid:CVE-2000-0895

Trust: 2.0

db:BIDid:2114

Trust: 2.0

db:OSVDBid:4403

Trust: 1.7

db:CNNVDid:CNNVD-200102-074

Trust: 0.7

db:ISSid:20001214 MULTIPLE VULNERABILITIES IN THE WATCHGUARD SOHO FIREWALL

Trust: 0.6

db:XFid:5218

Trust: 0.6

db:VULHUBid:VHN-2465

Trust: 0.1

sources: VULHUB: VHN-2465 // BID: 2114 // CNNVD: CNNVD-200102-074 // NVD: CVE-2000-0895

REFERENCES

url:http://www.securityfocus.com/bid/2114

Trust: 1.7

url:http://xforce.iss.net/alerts/advise70.php

Trust: 1.7

url:http://www.osvdb.org/4403

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/5218

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/5218

Trust: 0.6

sources: VULHUB: VHN-2465 // CNNVD: CNNVD-200102-074 // NVD: CVE-2000-0895

CREDITS

Discovered by Steven Maks and Keith Jarvis of Internet Security Systems <xforce@iss.net> and posted to Bugtraq on December 14, 2000.

Trust: 0.9

sources: BID: 2114 // CNNVD: CNNVD-200102-074

SOURCES

db:VULHUBid:VHN-2465
db:BIDid:2114
db:CNNVDid:CNNVD-200102-074
db:NVDid:CVE-2000-0895

LAST UPDATE DATE

2024-08-14T13:15:40.083000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-2465date:2017-10-10T00:00:00
db:BIDid:2114date:2009-07-11T04:46:00
db:CNNVDid:CNNVD-200102-074date:2006-01-18T00:00:00
db:NVDid:CVE-2000-0895date:2017-10-10T01:29:21.670

SOURCES RELEASE DATE

db:VULHUBid:VHN-2465date:2001-02-12T00:00:00
db:BIDid:2114date:2000-12-14T00:00:00
db:CNNVDid:CNNVD-200102-074date:2001-02-12T00:00:00
db:NVDid:CVE-2000-0895date:2001-02-12T05:00:00