ID

VAR-200601-0385


CVE

CVE-2006-0336


TITLE

Kerio WinRoute Firewall Web Browse denial of service vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200601-250

DESCRIPTION

Kerio WinRoute Firewall before 6.1.4 Patch 2 allows attackers to cause a denial of service (CPU consumption and hang) via unknown vectors involving "browsing the web". Kerio WinRoute Firewall is prone to a remote denial-of-service vulnerability. An attacker can exploit this vulnerability to crash the affected service, effectively disabling the firewall. This may aid in further attacks. Kerio WinRoute Firewall is an enterprise gateway firewall suitable for small and medium businesses. Kerio WinRoute contains flaws in its handling of specific web browsing operations, and remote attackers may use these flaws to perform denial-of-service attacks on the firewall.

TITLE: Kerio WinRoute Firewall Web Browsing Denial of Service

SECUNIA ADVISORY ID: SA18589

VERIFY ADVISORY: http://secunia.com/advisories/18589/

CRITICAL: Less critical

IMPACT: DoS

WHERE: From remote

SOFTWARE: Kerio WinRoute Firewall 6.x http://secunia.com/product/3613/

DESCRIPTION: A vulnerability has been reported in Kerio WinRoute Firewall, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).

SOLUTION: Update to version 6.1.4 Patch 2. http://www.kerio.com/kwf_download.html

PROVIDED AND/OR DISCOVERED BY: Reported by vendor.

ORIGINAL ADVISORY: http://www.kerio.com/kwf_history.html

Trust: 1.44

sources: NVD: CVE-2006-0336 // BID: 16385 // VULHUB: VHN-16444 // VULMON: CVE-2006-0336 // PACKETSTORM: 43368

AFFECTED PRODUCTS

vendor: kerio // model: winroute firewall // scope: eq // version: 6.1.4

Trust: 1.9

vendor: kerio // model: winroute firewall // scope: eq // version: 6.1.3

Trust: 1.9

vendor: kerio // model: winroute firewall // scope: eq // version: 6.1.2

Trust: 1.9

vendor: kerio // model: winroute firewall // scope: eq // version: 5.1.8

Trust: 1.6

vendor: kerio // model: winroute firewall // scope: eq // version: 5.10

Trust: 1.6

vendor: kerio // model: winroute firewall // scope: eq // version: 5.1.7

Trust: 1.6

vendor: kerio // model: winroute firewall // scope: eq // version: 6.1.4_patch_1

Trust: 1.6

vendor: kerio // model: winroute firewall // scope: eq // version: 5.1.6

Trust: 1.6

vendor: kerio // model: winroute firewall // scope: eq // version: 5.1.9

Trust: 1.6

vendor: kerio // model: winroute firewall // scope: eq // version: 6.0.0

Trust: 1.6

vendor: kerio // model: winroute firewall // scope: eq // version: 6.1.1

Trust: 1.3

vendor: kerio // model: winroute firewall // scope: eq // version: 6.0.11

Trust: 1.3

vendor: kerio // model: winroute firewall // scope: eq // version: 6.0.9

Trust: 1.3

vendor: kerio // model: winroute firewall // scope: eq // version: 6.0.8

Trust: 1.3

vendor: kerio // model: winroute firewall // scope: eq // version: 6.0.7

Trust: 1.3

vendor: kerio // model: winroute firewall // scope: eq // version: 6.0.6

Trust: 1.3

vendor: kerio // model: winroute firewall // scope: eq // version: 6.0.5

Trust: 1.3

vendor: kerio // model: winroute firewall // scope: eq // version: 6.0.4

Trust: 1.3

vendor: kerio // model: winroute firewall // scope: eq // version: 6.0.3

Trust: 1.3

vendor: kerio // model: winroute firewall // scope: eq // version: 6.0.2

Trust: 1.3

vendor: kerio // model: winroute firewall // scope: eq // version: 6.0.1

Trust: 1.3

vendor: kerio // model: winroute firewall // scope: eq // version: 5.1.2

Trust: 1.0

vendor: kerio // model: winroute firewall // scope: eq // version: 5.1

Trust: 1.0

vendor: kerio // model: winroute firewall // scope: eq // version: 5.0.9

Trust: 1.0

vendor: kerio // model: winroute firewall // scope: eq // version: 5.0.7

Trust: 1.0

vendor: kerio // model: winroute firewall // scope: eq // version: 5.0.1

Trust: 1.0

vendor: kerio // model: winroute firewall // scope: eq // version: 5.1.1

Trust: 1.0

vendor: kerio // model: winroute firewall // scope: eq // version: 6.1.0

Trust: 1.0

vendor: kerio // model: winroute firewall // scope: eq // version: 5.1.4

Trust: 1.0

vendor: kerio // model: winroute firewall // scope: eq // version: 6.0.10

Trust: 1.0

vendor: kerio // model: winroute firewall // scope: eq // version: 5.0.3

Trust: 1.0

vendor: kerio // model: winroute firewall // scope: eq // version: 5.1.5

Trust: 1.0

vendor: kerio // model: winroute firewall // scope: eq // version: 5.0.5

Trust: 1.0

vendor: kerio // model: winroute firewall // scope: eq // version: 5.0.6

Trust: 1.0

vendor: kerio // model: winroute firewall // scope: eq // version: 5.0.8

Trust: 1.0

vendor: kerio // model: winroute firewall // scope: eq // version: 6.1.3_patch1

Trust: 1.0

vendor: kerio // model: winroute firewall // scope: eq // version: 5.0.2

Trust: 1.0

vendor: kerio // model: winroute firewall // scope: eq // version: 5.0.4

Trust: 1.0

vendor: kerio // model: winroute firewall // scope: eq // version: 5.1.3

Trust: 1.0

vendor: kerio // model: winroute firewall // scope: eq // version: 5.1.10

Trust: 1.0

vendor: kerio // model: winroute firewall patch // scope: eq // version: 6.1.41

Trust: 0.3

vendor: kerio // model: winroute firewall // scope: eq // version: 6.1

Trust: 0.3

vendor: kerio // model: winroute firewall // scope: eq // version: 6.0

Trust: 0.3

vendor: kerio // model: winroute firewall patch // scope: ne // version: 6.1.42

Trust: 0.3

sources: BID: 16385 // CNNVD: CNNVD-200601-250 // NVD: CVE-2006-0336

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-0336
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200601-250
value: MEDIUM

Trust: 0.6

VULHUB: VHN-16444
value: MEDIUM

Trust: 0.1

VULMON: CVE-2006-0336
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-0336
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-16444
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-16444 // VULMON: CVE-2006-0336 // CNNVD: CNNVD-200601-250 // NVD: CVE-2006-0336

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0336

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200601-250

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200601-250

EXTERNAL IDS

db: BID // id: 16385

Trust: 2.1

db: NVD // id: CVE-2006-0336

Trust: 2.1

db: SECUNIA // id: 18589

Trust: 1.9

db: VUPEN // id: ADV-2006-0324

Trust: 1.8

db: OSVDB // id: 22631

Trust: 1.8

db: CNNVD // id: CNNVD-200601-250

Trust: 0.7

db: XF // id: 24317

Trust: 0.6

db: VULHUB // id: VHN-16444

Trust: 0.1

db: VULMON // id: CVE-2006-0336

Trust: 0.1

db: PACKETSTORM // id: 43368

Trust: 0.1

sources: VULHUB: VHN-16444 // VULMON: CVE-2006-0336 // BID: 16385 // PACKETSTORM: 43368 // CNNVD: CNNVD-200601-250 // NVD: CVE-2006-0336

REFERENCES

url:http://www.kerio.com/kwf_history.html

Trust: 2.2

url:http://www.securityfocus.com/bid/16385

Trust: 1.9

url:http://www.osvdb.org/22631

Trust: 1.8

url:http://secunia.com/advisories/18589

Trust: 1.8

url:http://www.vupen.com/english/advisories/2006/0324

Trust: 1.2

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/24317

Trust: 1.2

url:http://xforce.iss.net/xforce/xfdb/24317

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/0324

Trust: 0.6

url:http://www.kerio.com

Trust: 0.3

url:http://www.kerio.com/kwf_home.html

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/3613/

Trust: 0.1

url:http://www.kerio.com/kwf_download.html

Trust: 0.1

url:http://secunia.com/advisories/18589/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-16444 // VULMON: CVE-2006-0336 // BID: 16385 // PACKETSTORM: 43368 // CNNVD: CNNVD-200601-250 // NVD: CVE-2006-0336

CREDITS

Reported by the vendor.

Trust: 0.3

sources: BID: 16385

SOURCES

db: VULHUB // id: VHN-16444
db: VULMON // id: CVE-2006-0336
db: BID // id: 16385
db: PACKETSTORM // id: 43368
db: CNNVD // id: CNNVD-200601-250
db: NVD // id: CVE-2006-0336

LAST UPDATE DATE

2024-08-14T14:42:07.332000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-16444 // date: 2017-07-20T00:00:00
db: VULMON // id: CVE-2006-0336 // date: 2017-07-20T00:00:00
db: BID // id: 16385 // date: 2006-02-07T20:54:00
db: CNNVD // id: CNNVD-200601-250 // date: 2006-01-30T00:00:00
db: NVD // id: CVE-2006-0336 // date: 2017-07-20T01:29:40.160

SOURCES RELEASE DATE

db: VULHUB // id: VHN-16444 // date: 2006-01-21T00:00:00
db: VULMON // id: CVE-2006-0336 // date: 2006-01-21T00:00:00
db: BID // id: 16385 // date: 2006-01-25T00:00:00
db: PACKETSTORM // id: 43368 // date: 2006-01-25T17:27:50
db: CNNVD // id: CNNVD-200601-250 // date: 2006-01-20T00:00:00
db: NVD // id: CVE-2006-0336 // date: 2006-01-21T00:03:00