Sign-up

ID

VAR-201202-0282


CVE

CVE-2012-1008


TITLE

OfficeSIP Server Input Validation Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2012-9092 // CNNVD: CNNVD-201202-145

DESCRIPTION

OfficeSIP Server There is a service disruption ( Daemon crash ) There is a vulnerability that becomes a condition.By a third party SIP INVITE Cleverly crafted in the message To Service disruption via header ( Daemon crash ) There is a possibility of being put into a state. A vulnerability exists in the OfficeSIP Server version 3.1. Successful exploits may allow the attacker to cause the application to crash, resulting in denial-of-service conditions

Trust: 1.53

sources: JVNDB: JVNDB-2012-001352 // CNVD: CNVD-2012-9092 // BID: 51828

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2012-9092

AFFECTED PRODUCTS

vendor:officesipmodel:serverscope:eqversion:3.1

Trust: 3.0

vendor:officesipmodel:communications officesip serverscope:eqversion:3.1

Trust: 0.3

sources: CNVD: CNVD-2012-9092 // BID: 51828 // JVNDB: JVNDB-2012-001352 // CNNVD: CNNVD-201202-145 // NVD: CVE-2012-1008

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-1008
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-1008
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2012-9092
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201202-145
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2012-1008
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2012-9092
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2012-9092 // JVNDB: JVNDB-2012-001352 // CNNVD: CNNVD-201202-145 // NVD: CVE-2012-1008

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2012-001352 // NVD: CVE-2012-1008

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201202-145 // CNNVD: CNNVD-201202-053

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201202-145

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-001352

PATCH
title:Top Pageurl:http://www.officesip.org/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2012-001352

EXTERNAL IDS
db:NVDid:CVE-2012-1008
Trust: 3.3
db:EXPLOIT-DBid:18453
Trust: 1.0
db:BIDid:51828
Trust: 0.9
db:JVNDBid:JVNDB-2012-001352
Trust: 0.8
db:CNVDid:CNVD-2012-9092
Trust: 0.6
db:CNNVDid:CNNVD-201202-145
Trust: 0.6
db:CNNVDid:CNNVD-201202-053
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2012-9092 // 
            
            
            
            BID: 51828 // 
            
            
            
            JVNDB: JVNDB-2012-001352 // 
            
            
            
            CNNVD: CNNVD-201202-145 // 
            
            
            
            CNNVD: CNNVD-201202-053 // 
            
            
            
            NVD: CVE-2012-1008

REFERENCES
url:http://secpod.org/advisories/secpod_exploit_officesip_server_dos_vuln.txt
Trust: 1.9
url:http://secpod.org/exploits/secpod_exploit_officesip_server_dos.py
Trust: 1.6
url:http://secpod.org/blog/?p=461
Trust: 1.6
url:http://www.exploit-db.com/exploits/18453
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1008
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1008
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/search-results?query=cve-2012-1008
Trust: 0.6
url:http://www.securityfocus.com/bid/51828
Trust: 0.6
url:http://www.officesip.com/index.html
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2012-9092 // 
            
            
            
            BID: 51828 // 
            
            
            
            JVNDB: JVNDB-2012-001352 // 
            
            
            
            CNNVD: CNNVD-201202-145 // 
            
            
            
            CNNVD: CNNVD-201202-053 // 
            
            
            
            NVD: CVE-2012-1008

CREDITS
Prabhu S Angadi of SecPod Technologies
Trust: 0.9
sources:
            
            
            BID: 51828 // 
            
            
            
            CNNVD: CNNVD-201202-053

SOURCES
db:CNVDid:CNVD-2012-9092
db:BIDid:51828
db:JVNDBid:JVNDB-2012-001352
db:CNNVDid:CNNVD-201202-145
db:CNNVDid:CNNVD-201202-053
db:NVDid:CVE-2012-1008

LAST UPDATE DATE
2024-08-14T15:35:17.360000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2012-9092date:2012-02-09T00:00:00
db:BIDid:51828date:2012-02-09T12:00:00
db:JVNDBid:JVNDB-2012-001352date:2012-02-10T00:00:00
db:CNNVDid:CNNVD-201202-145date:2012-02-09T00:00:00
db:CNNVDid:CNNVD-201202-053date:2012-02-07T00:00:00
db:NVDid:CVE-2012-1008date:2013-07-26T06:40:59.807

SOURCES RELEASE DATE
db:CNVDid:CNVD-2012-9092date:2012-02-09T00:00:00
db:BIDid:51828date:2012-02-02T00:00:00
db:JVNDBid:JVNDB-2012-001352date:2012-02-10T00:00:00
db:CNNVDid:CNNVD-201202-145date:2012-02-09T00:00:00
db:CNNVDid:CNNVD-201202-053date:1900-01-01T00:00:00
db:NVDid:CVE-2012-1008date:2012-02-08T04:11:31.920