ID

VAR-200412-1160


CVE

CVE-2004-1907


TITLE

Kerio Personal Firewall Remote Denial of Service Attack Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200412-628

DESCRIPTION

The Web Filtering functionality in Kerio Personal Firewall (KPF) 4.0.13 allows remote attackers to cause a denial of service (crash) by sending hex-encoded URLs containing "%13%12%13". The issue presents itself when Web Filtering procedures handle a URI that contains certain characters. Kerio Personal Firewall is a personal desktop firewall. It uses a web filter to receive URLs and return the requested content to the browser; the web filter blocks ads, pop-ups, etc. If the submitted URL contains illegal data (such as %13%12%13), the program will crash during processing.

Trust: 1.26

sources: NVD: CVE-2004-1907 // BID: 10075 // VULHUB: VHN-10336

AFFECTED PRODUCTS

vendor: kerio, model: personal firewall, scope: eq, version: 4.0.10

Trust: 0.9

vendor: kerio, model: personal firewall, scope: eq, version: 4.0.9

Trust: 0.9

vendor: kerio, model: personal firewall, scope: eq, version: 4.0.8

Trust: 0.9

vendor: kerio, model: personal firewall, scope: eq, version: 4.0.7

Trust: 0.9

vendor: kerio, model: personal firewall, scope: eq, version: 4.0.6

Trust: 0.9

sources: BID: 10075 // CNNVD: CNNVD-200412-628

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-1907
value: LOW

Trust: 1.0

CNNVD: CNNVD-200412-628
value: LOW

Trust: 0.6

VULHUB: VHN-10336
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2004-1907
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-10336
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-10336 // CNNVD: CNNVD-200412-628 // NVD: CVE-2004-1907

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1907

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-628

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200412-628

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-10336

EXTERNAL IDS

db: BID, id: 10075

Trust: 2.0

db: NVD, id: CVE-2004-1907

Trust: 1.7

db: SECUNIA, id: 11331

Trust: 1.7

db: CNNVD, id: CNNVD-200412-628

Trust: 0.7

db: BUGTRAQ, id: 20040407 KERIO PERSONAL FIREWALL 4.0.13 - REMOTE DOS (CRASH)

Trust: 0.6

db: BUGTRAQ, id: 20040406 KERIO PERSONAL FIREWALL 4 AND IE 6 "BUG"

Trust: 0.6

db: XF, id: 15821

Trust: 0.6

db: NSFOCUS, id: 6293

Trust: 0.6

db: SEEBUG, id: SSVID-77668

Trust: 0.1

db: EXPLOIT-DB, id: 23925

Trust: 0.1

db: VULHUB, id: VHN-10336

Trust: 0.1

sources: VULHUB: VHN-10336 // BID: 10075 // CNNVD: CNNVD-200412-628 // NVD: CVE-2004-1907

REFERENCES

url:http://www.securityfocus.com/bid/10075

Trust: 1.7

url:http://archives.neohapsis.com/archives/bugtraq/2004-04/0061.html

Trust: 1.7

url:http://www.cipher.org.uk/index.php?p=advisories/hex-kerio_personal_firewall_remote_dos_7-04-2004.advisory

Trust: 1.7

url:http://secunia.com/advisories/11331

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/15821

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=108137421524251&w=2

Trust: 1.0

url:http://xforce.iss.net/xforce/xfdb/15821

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=108137421524251&w=2

Trust: 0.6

url:http://www.nsfocus.net/vulndb/6293

Trust: 0.6

url:http://www.kerio.com

Trust: 0.3

url:/archive/1/359693

Trust: 0.3

url:http://marc.info/?l=bugtraq&m=108137421524251&w=2

Trust: 0.1

sources: VULHUB: VHN-10336 // BID: 10075 // CNNVD: CNNVD-200412-628 // NVD: CVE-2004-1907

CREDITS

Emmanouel Kellinis, me@cipher.org.uk

Trust: 0.6

sources: CNNVD: CNNVD-200412-628

SOURCES

db: VULHUB, id: VHN-10336
db: BID, id: 10075
db: CNNVD, id: CNNVD-200412-628
db: NVD, id: CVE-2004-1907

LAST UPDATE DATE

2024-08-14T14:35:50.262000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-10336, date: 2017-07-11T00:00:00
db: BID, id: 10075, date: 2004-04-07T00:00:00
db: CNNVD, id: CNNVD-200412-628, date: 2005-10-20T00:00:00
db: NVD, id: CVE-2004-1907, date: 2017-07-11T01:31:27.293

SOURCES RELEASE DATE

db: VULHUB, id: VHN-10336, date: 2004-12-31T00:00:00
db: BID, id: 10075, date: 2004-04-07T00:00:00
db: CNNVD, id: CNNVD-200412-628, date: 2004-04-07T00:00:00
db: NVD, id: CVE-2004-1907, date: 2004-12-31T05:00:00