Details of VAR-200102-0006

ID

VAR-200102-0006

CVE

CVE-2000-0895

TITLE

Watchguard SOHO Firewall is too large GET request DoS Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200102-074

DESCRIPTION

Buffer overflow in HTTP server on the WatchGuard SOHO firewall allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long GET request. SOHO Firewall is an appliance firewall by Watchguard Technologies Inc. designed for Small Office/Home Office users. SOHO Firewall is susceptible to a trivial denial of service attack. Restarting the service is required in order to regain normal functionality. Watchguard has confirmed that this vulnerability could not be implemented to launch arbitrary code. Successful exploitation of this vulnerability could assist in the development of further attacks due to the elimination of a firewall defense

Trust: 1.26

sources: NVD: CVE-2000-0895 // BID: 2114 // VULHUB: VHN-2465

AFFECTED PRODUCTS

vendor:	watchguard	model:	soho firewall	scope:	eq	version:	2.1.3	Trust: 1.9
vendor:	watchguard	model:	soho firewall	scope:	eq	version:	1.6	Trust: 1.9
vendor:	watchguard	model:	soho firewall	scope:	ne	version:	2.2.1	Trust: 0.3

sources: BID: 2114 // CNNVD: CNNVD-200102-074 // NVD: CVE-2000-0895

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2000-0895
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200102-074
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-2465
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2000-0895
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-2465
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-2465 // CNNVD: CNNVD-200102-074 // NVD: CVE-2000-0895

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0895

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200102-074

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200102-074

EXTERNAL IDS

db:	NVD	id:	CVE-2000-0895	Trust: 2.0
db:	BID	id:	2114	Trust: 2.0
db:	OSVDB	id:	4403	Trust: 1.7
db:	CNNVD	id:	CNNVD-200102-074	Trust: 0.7
db:	ISS	id:	20001214 MULTIPLE VULNERABILITIES IN THE WATCHGUARD SOHO FIREWALL	Trust: 0.6
db:	XF	id:	5218	Trust: 0.6
db:	VULHUB	id:	VHN-2465	Trust: 0.1

sources: VULHUB: VHN-2465 // BID: 2114 // CNNVD: CNNVD-200102-074 // NVD: CVE-2000-0895

REFERENCES

url:	http://www.securityfocus.com/bid/2114	Trust: 1.7
url:	http://xforce.iss.net/alerts/advise70.php	Trust: 1.7
url:	http://www.osvdb.org/4403	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/5218	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/5218	Trust: 0.6

sources: VULHUB: VHN-2465 // CNNVD: CNNVD-200102-074 // NVD: CVE-2000-0895

CREDITS

Discovered by Steven Maks and Keith Jarvis of Internet Security Systems <xforce@iss.net> and posted to Bugtraq on December 14, 2000.

Trust: 0.9

sources: BID: 2114 // CNNVD: CNNVD-200102-074

SOURCES

db:	VULHUB	id:	VHN-2465
db:	BID	id:	2114
db:	CNNVD	id:	CNNVD-200102-074
db:	NVD	id:	CVE-2000-0895

LAST UPDATE DATE

2024-08-14T13:15:40.083000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-2465	date:	2017-10-10T00:00:00
db:	BID	id:	2114	date:	2009-07-11T04:46:00
db:	CNNVD	id:	CNNVD-200102-074	date:	2006-01-18T00:00:00
db:	NVD	id:	CVE-2000-0895	date:	2017-10-10T01:29:21.670

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-2465	date:	2001-02-12T00:00:00
db:	BID	id:	2114	date:	2000-12-14T00:00:00
db:	CNNVD	id:	CNNVD-200102-074	date:	2001-02-12T00:00:00
db:	NVD	id:	CVE-2000-0895	date:	2001-02-12T05:00:00