Lucene search

K
cve[email protected]CVE-2009-0362
HistoryOct 03, 2022 - 4:24 p.m.

CVE-2009-0362

2022-10-0316:24:09
CWE-287
web.nvd.nist.gov
26
fail2ban
vulnerability
filter
wuftpd
denial of service
cve-2009-0362
nvd

6.5 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.212 Low

EPSS

Percentile

96.4%

filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service (forced authentication failures) via a crafted reverse-resolved DNS name (rhost) entry that contains a substring that is interpreted as an IP address, a different vulnerability than CVE-2007-4321.

Affected configurations

NVD
Node
fail2banfail2banMatch0.8.3
CPENameOperatorVersion
fail2ban:fail2banfail2baneq0.8.3

6.5 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.212 Low

EPSS

Percentile

96.4%