Lucene search

[email protected]CVE-2009-2966

HistoryAug 25, 2009 - 5:30 p.m.

CVE-2009-2966

2009-08-2517:30:01

CWE-399

[email protected]

web.nvd.nist.gov

cve-2009-2966

kaspersky

internet security

anti-virus

denial of service

http url

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.8 Medium

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

87.2%

JSON

avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot “.” characters.

Affected configurations

NVD

Node

kasperskykaspersky_anti-virusMatch9.0.0.463

kasperskykaspersky_internet_securityMatch9.0.0.459

CPENameOperatorVersion
kaspersky:kaspersky_anti-viruskaspersky kaspersky anti-viruseq9.0.0.463
kaspersky:kaspersky_internet_securitykaspersky kaspersky internet securityeq9.0.0.459

CPE	Name	Operator	Version
kaspersky:kaspersky_anti-virus	kaspersky kaspersky anti-virus	eq	9.0.0.463
kaspersky:kaspersky_internet_security	kaspersky kaspersky internet security	eq	9.0.0.459

References

archives.neohapsis.com/archives/fulldisclosure/2009-08/0252.html

secunia.com/advisories/36405

securityreason.com/achievement_securityalert/66

www.h-online.com/security/Kaspersky-confirm-and-close-DoS-vulnerability--/news/114077

www.osvdb.org/57173

www.securityfocus.com/bid/36084

www.securitytracker.com/id?1022754

www.securitytracker.com/id?1022755

exchange.xforce.ibmcloud.com/vulnerabilities/52571

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.8 Medium

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

87.2%

JSON

Related for CVE-2009-2966

cvelist1 prion1 nvd1