Lucene search

[email protected]CVE-2008-0945

HistoryFeb 25, 2008 - 9:44 p.m.

CVE-2008-0945

2008-02-2521:44:00

CWE-134

[email protected]

web.nvd.nist.gov

cve-2008-0945

format string vulnerability

im server

ipswitch instant messaging

denial of service

remote authenticated users

7.7 High

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

0.013 Low

EPSS

Percentile

85.9%

JSON

Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in an IP address field.

CPENameOperatorVersion
ipswitch:imserveripswitch imserverle2.0.8.1
ipswitch:instant_messagingipswitch instant messagingle2.0.8.1

CPE	Name	Operator	Version
ipswitch:imserver	ipswitch imserver	le	2.0.8.1
ipswitch:instant_messaging	ipswitch instant messaging	le	2.0.8.1

References

aluigi.altervista.org/adv/ipsimene-adv.txt

aluigi.org/poc/ipsimene.zip

secunia.com/advisories/28824

securityreason.com/securityalert/3697

www.securityfocus.com/archive/1/487748/100/200/threaded

www.securityfocus.com/bid/27677

7.7 High

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

0.013 Low

EPSS

Percentile

85.9%

JSON

Related for CVE-2008-0945

cvelist1 prion1