Lucene search

[email protected]CVE-2015-2894

HistoryDec 31, 2015 - 5:59 a.m.

CVE-2015-2894

2015-12-3105:59:00

CWE-134

[email protected]

web.nvd.nist.gov

cve-2015-2894

format string vulnerability

idera uptime infrastructure monitor

denial of service

application crash

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

7 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

60.2%

JSON

Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service (application crash) via format string specifiers.

CPENameOperatorVersion
idera:uptime_infrastructure_monitoridera uptime infrastructure monitoreq7.2
idera:uptime_infrastructure_monitoridera uptime infrastructure monitoreq6.0

CPE	Name	Operator	Version
idera:uptime_infrastructure_monitor	idera uptime infrastructure monitor	eq	7.2
idera:uptime_infrastructure_monitor	idera uptime infrastructure monitor	eq	6.0

References

www.kb.cert.org/vuls/id/377260

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

7 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

60.2%

JSON

Related for CVE-2015-2894

prion1 cvelist1 cert1