CVE-2010-0362

Zeus Web Server before 4.3r5 does not use random transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zeus:zeus_web_server::r4::::::*
	cpe:2.3:a:zeus:zeus_web_server:3.3:::::::*
	cpe:2.3:a:zeus:zeus_web_server:3.3.1:::::::*
	cpe:2.3:a:zeus:zeus_web_server:3.3.2:::::::*
	cpe:2.3:a:zeus:zeus_web_server:3.3.3:::::::*
	cpe:2.3:a:zeus:zeus_web_server:3.3.4:::::::*
	cpe:2.3:a:zeus:zeus_web_server:3.3.5:::::::*
	cpe:2.3:a:zeus:zeus_web_server:3.3.6:::::::*
	cpe:2.3:a:zeus:zeus_web_server:3.3.7:::::::*
	cpe:2.3:a:zeus:zeus_web_server:3.3.8:::::::*
	cpe:2.3:a:zeus:zeus_web_server:3.4:::::::*
	cpe:2.3:a:zeus:zeus_web_server:4.1:::::::*
	cpe:2.3:a:zeus:zeus_web_server:4.1:r1::::::
	cpe:2.3:a:zeus:zeus_web_server:4.2:::::::*
	cpe:2.3:a:zeus:zeus_web_server:4.2:r2::::::
	cpe:2.3:a:zeus:zeus_web_server:4.3:::::::*
	cpe:2.3:a:zeus:zeus_web_server:4.3:r3::::::

History

No history.

Information

Published : 2010-01-20 16:30

Updated : 2011-05-06 04:00

NVD link : CVE-2010-0362

Mitre link : CVE-2010-0362

CVE.ORG link : CVE-2010-0362

JSON object : View

Products Affected

zeus

zeus_web_server

CWE

CWE-310

Cryptographic Issues

{"id": "CVE-2010-0362", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-01-20T16:30:00.617", "references": [{"url": "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES", "tags": ["Patch"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "Zeus Web Server before 4.3r5 does not use random transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses."}, {"lang": "es", "value": "Zeus Web Server en versiones anteriores a v4.3r5 no utiliza IDs aleatorios para las transacciones de las peticiones DNS, lo que hace mas f\u00e1cil a atacantes remotos falsificar las respuestas DNS."}], "lastModified": "2011-05-06T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zeus:zeus_web_server:*:r4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0CC1B4F-B527-4383-B16F-E392A0D0D8C2", "versionEndIncluding": "4.3"}, {"criteria": "cpe:2.3:a:zeus:zeus_web_server:3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF3C0DD2-15F8-4A76-BB8E-42988AA5751D"}, {"criteria": "cpe:2.3:a:zeus:zeus_web_server:3.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE292E53-0183-41CB-89F5-A308DBE05AD2"}, {"criteria": "cpe:2.3:a:zeus:zeus_web_server:3.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD6AE631-1E86-4F16-ACD6-044411F3E538"}, {"criteria": "cpe:2.3:a:zeus:zeus_web_server:3.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90E93078-4EC7-43B4-AF14-77E25A37BC0C"}, {"criteria": "cpe:2.3:a:zeus:zeus_web_server:3.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "657E0196-89B2-4C05-97FD-65D82C179FCB"}, {"criteria": "cpe:2.3:a:zeus:zeus_web_server:3.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "572BEB5E-FD32-448D-BC98-D685C96FF438"}, {"criteria": "cpe:2.3:a:zeus:zeus_web_server:3.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D0B0919-5BE8-41F3-9E37-61919D8A3D47"}, {"criteria": "cpe:2.3:a:zeus:zeus_web_server:3.3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95831344-1D83-4C78-9A88-6D1F855DA316"}, {"criteria": "cpe:2.3:a:zeus:zeus_web_server:3.3.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2209F46D-CC66-4F92-A127-D910F1E94B47"}, {"criteria": "cpe:2.3:a:zeus:zeus_web_server:3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA8AE81E-74A4-4745-BB16-688B2F7B77E2"}, {"criteria": "cpe:2.3:a:zeus:zeus_web_server:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9074BFE9-176E-43B7-AEC2-EE83A8AE0921"}, {"criteria": "cpe:2.3:a:zeus:zeus_web_server:4.1:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D574A43D-E2A6-4BAF-803E-A7041B916A54"}, {"criteria": "cpe:2.3:a:zeus:zeus_web_server:4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC5B7188-066F-44B3-ADAF-AA937023A3DE"}, {"criteria": "cpe:2.3:a:zeus:zeus_web_server:4.2:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECFC5BC3-8D90-4B23-8137-5810B879A5EF"}, {"criteria": "cpe:2.3:a:zeus:zeus_web_server:4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB434DD5-A283-4540-B5BD-55778D644696"}, {"criteria": "cpe:2.3:a:zeus:zeus_web_server:4.3:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5B78529-94DF-4829-B779-DD0CDC3E81C1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

5.0 /10