cvelistv5 - cve-2007-0962

cve-2007-0962

Vulnerability from cvelistv5

Published

2007-02-16 00:00

Modified

2024-08-07 12:34

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/33055
cve@mitre.org	http://secunia.com/advisories/24160	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/24180	Patch, Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1017651	Patch
cve@mitre.org	http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml	Patch, Vendor Advisory
cve@mitre.org	http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/22561
cve@mitre.org	http://www.securityfocus.com/bid/22562
cve@mitre.org	http://www.securitytracker.com/id?1017652
cve@mitre.org	http://www.vupen.com/english/advisories/2007/0608
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/32486
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/33055
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24160	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24180	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017651	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/22561
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/22562
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1017652
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0608
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/32486

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:34:21.308Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-0608",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0608"
          },
          {
            "name": "24180",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24180"
          },
          {
            "name": "20070214 Multiple Vulnerabilities in Cisco PIX and ASA Appliances",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml"
          },
          {
            "name": "1017651",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017651"
          },
          {
            "name": "22561",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22561"
          },
          {
            "name": "cisco-pix-asa-http-dos(32486)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32486"
          },
          {
            "name": "33055",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/33055"
          },
          {
            "name": "22562",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22562"
          },
          {
            "name": "24160",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24160"
          },
          {
            "name": "20070214 Multiple Vulnerabilities in Firewall Services Module",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml"
          },
          {
            "name": "1017652",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017652"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-02-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when \"inspect http\" is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-0608",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0608"
        },
        {
          "name": "24180",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24180"
        },
        {
          "name": "20070214 Multiple Vulnerabilities in Cisco PIX and ASA Appliances",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml"
        },
        {
          "name": "1017651",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017651"
        },
        {
          "name": "22561",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22561"
        },
        {
          "name": "cisco-pix-asa-http-dos(32486)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32486"
        },
        {
          "name": "33055",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/33055"
        },
        {
          "name": "22562",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22562"
        },
        {
          "name": "24160",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24160"
        },
        {
          "name": "20070214 Multiple Vulnerabilities in Firewall Services Module",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml"
        },
        {
          "name": "1017652",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017652"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0962",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when \"inspect http\" is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-0608",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0608"
            },
            {
              "name": "24180",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24180"
            },
            {
              "name": "20070214 Multiple Vulnerabilities in Cisco PIX and ASA Appliances",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml"
            },
            {
              "name": "1017651",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017651"
            },
            {
              "name": "22561",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22561"
            },
            {
              "name": "cisco-pix-asa-http-dos(32486)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32486"
            },
            {
              "name": "33055",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/33055"
            },
            {
              "name": "22562",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22562"
            },
            {
              "name": "24160",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24160"
            },
            {
              "name": "20070214 Multiple Vulnerabilities in Firewall Services Module",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml"
            },
            {
              "name": "1017652",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017652"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0962",
    "datePublished": "2007-02-16T00:00:00",
    "dateReserved": "2007-02-15T00:00:00",
    "dateUpdated": "2024-08-07T12:34:21.308Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:firewall_services_module:2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9A8528D-DF6A-4493-A77E-CBF08359F2E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:firewall_services_module:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F90E9070-781D-4D3D-98EB-5B6DB9D3C75E\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:asa_5500:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"891B8FA4-B602-42C5-A94F-8C60BBF7A7D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:asa_5500:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"856917BD-179B-4C43-8EA6-034254720B63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:pix_firewall_software:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B009CCE4-908C-4830-B0E0-7B4CB33280F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:pix_firewall_software:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"640CDC78-22D3-4E60-8D36-F088D8DB27DA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when \\\"inspect http\\\" is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic.\"}, {\"lang\": \"es\", \"value\": \"Cisco PIX 500 y ASA 5500 Series Security Appliances 7.x versiones anteriores a 7.0(4.14), 7.1 versiones anteriores a 7.1(2.1), y el FWSM 2.x versiones anteriores a 2.3(4.12) y 3.x versiones anteriores a 3.1(3.24), cuando \\\"inspect http\\\" est\\u00e1 habilitado, permite a atacantes remotos provocar una denegaci\\u00f3n de servicio (reinicio de dispositivo) mediante tr\\u00e1fico HTTP mal-formado.\"}]",
      "id": "CVE-2007-0962",
      "lastModified": "2024-11-21T00:27:10.203",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-02-16T00:28:00.000",
      "references": "[{\"url\": \"http://osvdb.org/33055\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/24160\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/24180\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1017651\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/22561\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/22562\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1017652\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0608\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/32486\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/33055\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/24160\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/24180\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1017651\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/22561\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/22562\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1017652\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0608\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/32486\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-0962\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-02-16T00:28:00.000\",\"lastModified\":\"2024-11-21T00:27:10.203\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when \\\"inspect http\\\" is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic.\"},{\"lang\":\"es\",\"value\":\"Cisco PIX 500 y ASA 5500 Series Security Appliances 7.x versiones anteriores a 7.0(4.14), 7.1 versiones anteriores a 7.1(2.1), y el FWSM 2.x versiones anteriores a 2.3(4.12) y 3.x versiones anteriores a 3.1(3.24), cuando \\\"inspect http\\\" est\u00e1 habilitado, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (reinicio de dispositivo) mediante tr\u00e1fico HTTP mal-formado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:firewall_services_module:2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9A8528D-DF6A-4493-A77E-CBF08359F2E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:firewall_services_module:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F90E9070-781D-4D3D-98EB-5B6DB9D3C75E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:asa_5500:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"891B8FA4-B602-42C5-A94F-8C60BBF7A7D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:asa_5500:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"856917BD-179B-4C43-8EA6-034254720B63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:pix_firewall_software:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B009CCE4-908C-4830-B0E0-7B4CB33280F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:pix_firewall_software:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"640CDC78-22D3-4E60-8D36-F088D8DB27DA\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/33055\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/24160\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/24180\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1017651\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/22561\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/22562\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1017652\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0608\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/32486\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/33055\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24160\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/24180\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1017651\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/22561\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/22562\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1017652\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0608\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/32486\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

cve-2007-0962

Vulnerability from fkie_nvd

Published

2007-02-16 00:28

Modified

2024-11-21 00:27

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/33055
cve@mitre.org	http://secunia.com/advisories/24160	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/24180	Patch, Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1017651	Patch
cve@mitre.org	http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml	Patch, Vendor Advisory
cve@mitre.org	http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/22561
cve@mitre.org	http://www.securityfocus.com/bid/22562
cve@mitre.org	http://www.securitytracker.com/id?1017652
cve@mitre.org	http://www.vupen.com/english/advisories/2007/0608
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/32486
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/33055
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24160	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24180	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017651	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/22561
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/22562
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1017652
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0608
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/32486

Impacted products

Vendor	Product	Version
cisco	firewall_services_module	2.3
cisco	firewall_services_module	3.1
cisco	asa_5500	7.0
cisco	asa_5500	7.1
cisco	pix_firewall_software	7.0
cisco	pix_firewall_software	7.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:firewall_services_module:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9A8528D-DF6A-4493-A77E-CBF08359F2E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:firewall_services_module:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F90E9070-781D-4D3D-98EB-5B6DB9D3C75E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asa_5500:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "891B8FA4-B602-42C5-A94F-8C60BBF7A7D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5500:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "856917BD-179B-4C43-8EA6-034254720B63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009CCE4-908C-4830-B0E0-7B4CB33280F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "640CDC78-22D3-4E60-8D36-F088D8DB27DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when \"inspect http\" is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic."
    },
    {
      "lang": "es",
      "value": "Cisco PIX 500 y ASA 5500 Series Security Appliances 7.x versiones anteriores a 7.0(4.14), 7.1 versiones anteriores a 7.1(2.1), y el FWSM 2.x versiones anteriores a 2.3(4.12) y 3.x versiones anteriores a 3.1(3.24), cuando \"inspect http\" est\u00e1 habilitado, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (reinicio de dispositivo) mediante tr\u00e1fico HTTP mal-formado."
    }
  ],
  "id": "CVE-2007-0962",
  "lastModified": "2024-11-21T00:27:10.203",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-02-16T00:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/33055"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24160"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24180"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1017651"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22561"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22562"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017652"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/0608"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32486"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/33055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24180"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1017651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22561"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22562"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017652"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0608"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32486"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-995f-73jj-h5f7

Vulnerability from github

Published

2022-05-01 17:48

Modified

2022-05-01 17:48

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-0962"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-02-16T00:28:00Z",
    "severity": "HIGH"
  },
  "details": "Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when \"inspect http\" is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic.",
  "id": "GHSA-995f-73jj-h5f7",
  "modified": "2022-05-01T17:48:53Z",
  "published": "2022-05-01T17:48:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0962"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32486"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/33055"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24160"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24180"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017651"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/22561"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/22562"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1017652"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/0608"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when "inspect http" is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic. According to Cisco Systems information, advanced HTTP The inspection function is disabled by default and is "inspect http" (HTTP Inspection ) Has been reported to be unaffected.Crafted by a third party HTTP Processing the request causes the device to interfere with service operation (DoS) It may be in a state. Cisco PIX and ASA are prone to a privilege-escalation vulnerability. Exploiting this issue allows authenticated attackers to gain administrative privileges on affected computers. This may facilitate the complete compromise of the affected device. This issue is tracked by Cisco Bug ID: CSCsh33287. The Cisco PIX/ASA and Firewall Services Module (FWSM) provide firewall services with stateful packet filtering and deep packet inspection. Note that normal HTTP inspection (configured via inspect http, without HTTP mapping) is not affected by this vulnerability.

Secunia is proud to announce the availability of the Secunia Software Inspector.

The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor.

Try it out online: http://secunia.com/software_inspector/

TITLE: Cisco PIX and ASA Privilege Escalation and Denial of Service

SECUNIA ADVISORY ID: SA24160

VERIFY ADVISORY: http://secunia.com/advisories/24160/

CRITICAL: Moderately critical

IMPACT: Privilege escalation, DoS

WHERE:

From remote

OPERATING SYSTEM: Cisco PIX 7.x http://secunia.com/product/6102/ Cisco Adaptive Security Appliance (ASA) 7.x http://secunia.com/product/6115/

DESCRIPTION: Some vulnerabilities have been reported in Cisco PIX and ASA, which can be exploited by malicious users to gain escalated privileges and by malicious people to cause a DoS (Denial of Service).

1) An unspecified error exists within the enhanced HTTP inspection feature. This can be exploited to crash the device via malformed HTTP requests, but requires that enhanced HTTP inspection is enabled.

2) An unspecified error exists within the SIP packet inspection. This can be exploited to crash the device by sending specially crafted SIP packets, but requires that "inspect" is enabled (it is disabled by default).

3) An unspecified error exists within the TCP-based protocol inspection. This can be exploited to crash the device via malformed packets, but requires that inspection of TCP-based protocols (e.g. FTP or HTTP) is enabled.

4) An unspecified error within the "LOCAL" authentication method can be exploited to gain escalated privileges. Successful exploitation allows gaining privilege level 15 and changing the complete configuration of the device, but requires that the attacker can authenticate to the device and that he is defined in the local database with privilege level 0.

SOLUTION: Apply updated versions. See the vendor advisory for a patch matrix.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070214-pix.shtml

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Successful exploitation requires that "SIP fixup" is enabled, which is the default setting.

2) A security issue when manipulating ACLs (Access Control Lists) that make use of object groups can corrupt ACLs, resulting in ACEs (Access Control Entries) being skipped or not evaluated in order, which can be exploited to bypass certain security restrictions.

Note: Only an administrative user can change ACLs. Additionally, this does not affected devices which are reloaded after ACLs have been manipulated

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200702-0342",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "2.3"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.1"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "asa 5500",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.1"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.0"
      },
      {
        "model": "asa 5500",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.0"
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "3.x"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.0"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.1"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.1"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.0"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2.2"
      },
      {
        "model": "pix/asa",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2(2.10)"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "22562"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000142"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0962"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200702-315"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:asa_5500:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:asa_5500:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-0962"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Security bulletin",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200702-315"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-0962",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2007-0962",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-24324",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-0962",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200702-315",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-24324",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-24324"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000142"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0962"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200702-315"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when \"inspect http\" is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic. According to Cisco Systems information, advanced HTTP The inspection function is disabled by default and is \"inspect http\" (HTTP Inspection ) Has been reported to be unaffected.Crafted by a third party HTTP Processing the request causes the device to interfere with service operation (DoS) It may be in a state. Cisco PIX and ASA are prone to a privilege-escalation vulnerability. \nExploiting this issue allows authenticated attackers to gain administrative privileges on affected computers. This may facilitate the complete compromise of the affected device. This issue is tracked by Cisco Bug ID: CSCsh33287. The Cisco PIX/ASA and Firewall Services Module (FWSM) provide firewall services with stateful packet filtering and deep packet inspection. Note that normal HTTP inspection (configured via inspect http, without HTTP mapping) is not affected by this vulnerability. \n\n----------------------------------------------------------------------\n\nSecunia is proud to announce the availability of the Secunia Software\nInspector. \n\nThe Secunia Software Inspector is a free service that detects insecure\nversions of software that you may have installed in your system. When\ninsecure versions are detected, the Secunia Software Inspector also\nprovides thorough guidelines for updating the software to the latest\nsecure version from the vendor. \n\nTry it out online:\nhttp://secunia.com/software_inspector/\n\n----------------------------------------------------------------------\n\nTITLE:\nCisco PIX and ASA Privilege Escalation and Denial of Service\n\nSECUNIA ADVISORY ID:\nSA24160\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/24160/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nPrivilege escalation, DoS\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nCisco PIX 7.x\nhttp://secunia.com/product/6102/\nCisco Adaptive Security Appliance (ASA) 7.x\nhttp://secunia.com/product/6115/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Cisco PIX and ASA, which\ncan be exploited by malicious users to gain escalated privileges and\nby malicious people to cause a DoS (Denial of Service). \n\n1) An unspecified error exists within the enhanced HTTP inspection\nfeature. This can be exploited to crash the device via malformed HTTP\nrequests, but requires that enhanced HTTP inspection is enabled. \n\n2) An unspecified error exists within the SIP packet inspection. This\ncan be exploited to crash the device by sending specially crafted SIP\npackets, but requires that \"inspect\" is enabled (it is disabled by\ndefault). \n\n3) An unspecified error exists within the TCP-based protocol\ninspection. This can be exploited to crash the device via malformed\npackets, but requires that inspection of TCP-based protocols (e.g. \nFTP or HTTP) is enabled. \n\n4) An unspecified error within the \"LOCAL\" authentication method can\nbe exploited to gain escalated privileges. Successful exploitation\nallows gaining privilege level 15 and changing the complete\nconfiguration of the device, but requires that the attacker can\nauthenticate to the device and that he is defined in the local\ndatabase with privilege level 0. \n\nSOLUTION:\nApply updated versions. See the vendor advisory for a patch matrix. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20070214-pix.shtml\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nSuccessful exploitation requires that \"SIP fixup\" is enabled, which\nis the default setting. \n\n2) A security issue when manipulating ACLs (Access Control Lists)\nthat make use of object groups can corrupt ACLs, resulting in ACEs\n(Access Control Entries) being skipped or not evaluated in order,\nwhich can be exploited to bypass certain security restrictions. \n\nNote: Only an administrative user can change ACLs. Additionally, this\ndoes not affected devices which are reloaded after ACLs have been\nmanipulated",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-0962"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000142"
      },
      {
        "db": "BID",
        "id": "22562"
      },
      {
        "db": "VULHUB",
        "id": "VHN-24324"
      },
      {
        "db": "PACKETSTORM",
        "id": "54452"
      },
      {
        "db": "PACKETSTORM",
        "id": "54443"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-0962",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "24160",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "22561",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "22562",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "24180",
        "trust": 1.8
      },
      {
        "db": "OSVDB",
        "id": "33055",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1017652",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1017651",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0608",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000142",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200702-315",
        "trust": 0.7
      },
      {
        "db": "CISCO",
        "id": "20070214 MULTIPLE VULNERABILITIES IN FIREWALL SERVICES MODULE",
        "trust": 0.6
      },
      {
        "db": "CISCO",
        "id": "20070214 MULTIPLE VULNERABILITIES IN CISCO PIX AND ASA APPLIANCES",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "32486",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-24324",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "54452",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "54443",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-24324"
      },
      {
        "db": "BID",
        "id": "22562"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000142"
      },
      {
        "db": "PACKETSTORM",
        "id": "54452"
      },
      {
        "db": "PACKETSTORM",
        "id": "54443"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0962"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200702-315"
      }
    ]
  },
  "id": "VAR-200702-0342",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-24324"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:12:46.565000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20070214-pix",
        "trust": 0.8,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070214-pix.shtml"
      },
      {
        "title": "cisco-sa-20070214-fwsm",
        "trust": 0.8,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070214-fwsm.shtml"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000142"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-0962"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/22561"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/22562"
      },
      {
        "trust": 1.7,
        "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a00807e2484.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a00807e2481.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/33055"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1017651"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1017652"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/24160"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/24180"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2007/0608"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/0608"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32486"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/24160/"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0962"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0962"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/32486"
      },
      {
        "trust": 0.4,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070214-pix.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/460079"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/software_inspector/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6102/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6115/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5088/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070214-fwsm.shtml"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/24180/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-24324"
      },
      {
        "db": "BID",
        "id": "22562"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000142"
      },
      {
        "db": "PACKETSTORM",
        "id": "54452"
      },
      {
        "db": "PACKETSTORM",
        "id": "54443"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0962"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200702-315"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-24324"
      },
      {
        "db": "BID",
        "id": "22562"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000142"
      },
      {
        "db": "PACKETSTORM",
        "id": "54452"
      },
      {
        "db": "PACKETSTORM",
        "id": "54443"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0962"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200702-315"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-02-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-24324"
      },
      {
        "date": "2007-02-14T00:00:00",
        "db": "BID",
        "id": "22562"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-000142"
      },
      {
        "date": "2007-02-16T06:49:41",
        "db": "PACKETSTORM",
        "id": "54452"
      },
      {
        "date": "2007-02-16T06:49:41",
        "db": "PACKETSTORM",
        "id": "54443"
      },
      {
        "date": "2007-02-16T00:28:00",
        "db": "NVD",
        "id": "CVE-2007-0962"
      },
      {
        "date": "2007-02-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200702-315"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-24324"
      },
      {
        "date": "2016-07-06T14:39:00",
        "db": "BID",
        "id": "22562"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-000142"
      },
      {
        "date": "2018-10-30T16:25:19.340000",
        "db": "NVD",
        "id": "CVE-2007-0962"
      },
      {
        "date": "2007-02-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200702-315"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200702-315"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco PIX/ASA and  FWSM Rogue  HTTP Service disruption due to traffic  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000142"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200702-315"
      }
    ],
    "trust": 0.6
  }
}

gsd-2007-0962

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-0962

Aliases

CVE-2007-0962

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-0962",
    "description": "Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when \"inspect http\" is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic.",
    "id": "GSD-2007-0962"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-0962"
      ],
      "details": "Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when \"inspect http\" is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic.",
      "id": "GSD-2007-0962",
      "modified": "2023-12-13T01:21:35.850160Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-0962",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when \"inspect http\" is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2007-0608",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/0608"
          },
          {
            "name": "24180",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24180"
          },
          {
            "name": "20070214 Multiple Vulnerabilities in Cisco PIX and ASA Appliances",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml"
          },
          {
            "name": "1017651",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017651"
          },
          {
            "name": "22561",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/22561"
          },
          {
            "name": "cisco-pix-asa-http-dos(32486)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32486"
          },
          {
            "name": "33055",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/33055"
          },
          {
            "name": "22562",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/22562"
          },
          {
            "name": "24160",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24160"
          },
          {
            "name": "20070214 Multiple Vulnerabilities in Firewall Services Module",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml"
          },
          {
            "name": "1017652",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1017652"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:asa_5500:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:asa_5500:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0962"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when \"inspect http\" is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070214 Multiple Vulnerabilities in Cisco PIX and ASA Appliances",
              "refsource": "CISCO",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml"
            },
            {
              "name": "20070214 Multiple Vulnerabilities in Firewall Services Module",
              "refsource": "CISCO",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml"
            },
            {
              "name": "22562",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/22562"
            },
            {
              "name": "1017651",
              "refsource": "SECTRACK",
              "tags": [
                "Patch"
              ],
              "url": "http://securitytracker.com/id?1017651"
            },
            {
              "name": "24160",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/24160"
            },
            {
              "name": "24180",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/24180"
            },
            {
              "name": "22561",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/22561"
            },
            {
              "name": "1017652",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1017652"
            },
            {
              "name": "33055",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/33055"
            },
            {
              "name": "ADV-2007-0608",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/0608"
            },
            {
              "name": "cisco-pix-asa-http-dos(32486)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32486"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-30T16:25Z",
      "publishedDate": "2007-02-16T00:28Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2007-0962

Vulnerability from cvelistv5

cve-2007-0962

Vulnerability from fkie_nvd

ghsa-995f-73jj-h5f7

Vulnerability from github

var-200702-0342

Vulnerability from variot

gsd-2007-0962

Vulnerability from gsd

Tags

Sightings

Nomenclature