Lucene search

K
cve[email protected]CVE-2013-1417
HistoryNov 20, 2013 - 2:12 p.m.

CVE-2013-1417

2013-11-2014:12:00
CWE-20
web.nvd.nist.gov
30
mit kerberos 5
kdc
denial of service
cve-2013-1417
nvd
security vulnerability

5.9 Medium

AI Score

Confidence

Low

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

0.033 Low

EPSS

Percentile

91.3%

do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal.

5.9 Medium

AI Score

Confidence

Low

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

0.033 Low

EPSS

Percentile

91.3%