Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11448
HistoryAug 19, 2013 - 12:00 a.m.

KLA11448 DoS vulnerability in WinSCP

2013-08-1900:00:00
Kaspersky Lab
threats.kaspersky.com
17

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.027 Low

EPSS

Percentile

90.6%

JSON

Integer overflow vulnerability was found in WinSCP. Malicious users can exploit this vulnerability remotely to cause denial of service and possibly execute arbitrary code.

Original advisories

[http://winscp.net/tracker/show_bug.cgi?id=1017](Bug 1017 – SSH vulnerability)

Related products

WinSCP

CVE list

CVE-2013-4852 high

Solution

Update to the latest version

Download WinSCP

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

  • WinSCP earlier than 5.1.6

Related

securityvulns 3
nessus 13
prion 1
cvelist 1
nvd 1
kaspersky 2
seebug 1
debiancve 1
ubuntucve 1
openvas 15
cve 1
gentoo 2
mageia 1
fedora 4
freebsd 1
osv 1
debian 2
securityvulns
securityvulns
PuTTY SSH handshake heap overflow
2013-08-05 00:00:00
PuTTY / WinSCP security vulnerabilities
2013-08-14 00:00:00
[SECURITY] [DSA 2736-1] putty security update
2013-08-14 00:00:00
nessus
nessus
FileZilla Client < 3.7.2 SFTP Integer Overflow
2013-08-13 00:00:00
WinSCP < 5.1.6 RSA Signature Blob Integer Overflow
2014-02-07 00:00:00
openSUSE Security Update : putty (openSUSE-SU-2013:1355-1)
2014-06-13 00:00:00
prion
prion
Integer overflow
2013-08-19 23:55:00
cvelist
cvelist
CVE-2013-4852
2013-08-19 23:00:00
nvd
nvd
CVE-2013-4852
2013-08-19 23:55:09
kaspersky
kaspersky
KLA11443 DoS vulnerability in PuTTY
2013-08-19 00:00:00
KLA10434 Multiple vulnerabilities in PuTTY
2013-08-19 00:00:00
seebug
seebug
PuTTY 'getstring()'ε‡½ζ•°ε€šδΈͺζ•΄ζ•°ζΊ’ε‡ΊζΌζ΄ž
2013-08-11 00:00:00
debiancve
debiancve
CVE-2013-4852
2013-08-19 23:55:09
ubuntucve
ubuntucve
CVE-2013-4852
2013-08-19 00:00:00
openvas
openvas
WinSCP Integer Overflow Vulnerability - Windows
2013-08-21 00:00:00
Gentoo Security Advisory GLSA 201308-01
2015-09-29 00:00:00
Fedora Update for putty FEDORA-2013-14656
2013-08-23 00:00:00
cve
cve
CVE-2013-4852
2013-08-19 23:55:09
gentoo
gentoo
PuTTY: Multiple Vulnerabilities
2013-08-21 00:00:00
FileZilla: Multiple vulnerabilities
2013-09-15 00:00:00
mageia
mageia
Updated putty and filezilla packages fixes security vulnerability
2013-08-09 21:38:37
fedora
fedora
[SECURITY] Fedora 18 Update: filezilla-3.7.3-1.fc18
2013-09-30 00:48:24
[SECURITY] Fedora 18 Update: putty-0.63-1.fc18
2013-08-21 00:01:06
[SECURITY] Fedora 19 Update: filezilla-3.7.3-1.fc19
2013-08-18 00:39:40
freebsd
freebsd
PuTTY -- Four security holes in versions before 0.63
2013-07-08 00:00:00
osv
osv
putty - several
2013-08-11 00:00:00
debian
debian
[SECURITY] [DSA 2736-1] putty security update
2013-08-11 19:49:26
[SECURITY] [DSA 2736-1] putty security update
2013-08-11 19:49:26

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.027 Low

EPSS

Percentile

90.6%

JSON
Related for KLA11448
securityvulns3nessus13prion1cvelist1nvd1kaspersky2seebug1debiancve1ubuntucve1openvas15cve1gentoo2mageia1fedora4freebsd1osv1debian2