Lucene search

[email protected]CVE-2007-5715

HistoryOct 30, 2007 - 7:46 p.m.

CVE-2007-5715

2007-10-3019:46:00

CWE-16

[email protected]

web.nvd.nist.gov

cve-2007-5715

denyhosts

openssh

sshd

allowusers

invalid login attempts

remote attackers

6.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.039 Low

EPSS

Percentile

92.0%

JSON

DenyHosts 2.6 processes OpenSSH sshd “not listed in AllowUsers” log messages with an incorrect regular expression that does not match an IP address, which might allow remote attackers to avoid detection and blocking when making invalid login attempts with a username not present in AllowUsers, as demonstrated by the root username, a different vulnerability than CVE-2007-4323.

Affected configurations

NVD

Node

denyhostsdenyhostsMatch2.6

CPENameOperatorVersion
denyhosts:denyhostsdenyhostseq2.6

CPE	Name	Operator	Version
denyhosts:denyhosts	denyhosts	eq	2.6

References

bugs.gentoo.org/show_bug.cgi?id=181213

osvdb.org/45298

bugzilla.redhat.com/show_bug.cgi?id=237449

6.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.039 Low

EPSS

Percentile

92.0%

JSON

Related for CVE-2007-5715

prion2 ubuntucve2 cvelist2 nvd2 nessus1 openvas2 gentoo1 cve1