JVNDB-2020-000060

Vulnerability from jvndb - Published: 2020-08-31 14:41 - Updated:2020-08-31 14:41
Severity ?
5.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
"Shadankun Server Security Type" vulnerable to denial-of-service (DoS)
Details
"Shadankun Server Security Type" provided by Cyber Security Cloud , Inc. contains a denial-of-service (DoS) vulnerability. When "Rule id"s assigned by the product's internal script overlap, it would not be able to add newly detected attack source IP addresses as the blocking targets (CWE-703). The overlaps of "Rule id"s occur under following conditions: * When multiple attack requests are sent from a large number of source IP addresses in under 10 microseconds * When attack requests from more than one source IP addresses occurred at the same time by the minute/10 microsecond to 100 millisecond units, but different time by the second
References
Impacted products
Show details on JVN DB website
To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000060.html",
  "dc:date": "2020-08-31T14:41+09:00",
  "dcterms:issued": "2020-08-31T14:41+09:00",
  "dcterms:modified": "2020-08-31T14:41+09:00",
  "description": "\"Shadankun Server Security Type\" provided by Cyber Security Cloud , Inc. contains a denial-of-service (DoS) vulnerability. When \"Rule id\"s assigned by the product\u0027s internal script overlap, it would not be able to add newly detected attack source IP addresses as the blocking targets (CWE-703).\r\n\r\n The overlaps of \"Rule id\"s occur under following conditions: \r\n* When multiple attack requests are sent from a large number of source IP addresses in under 10 microseconds\r\n* When attack requests from more than one source IP addresses occurred at the same time by the minute/10 microsecond to 100 millisecond units, but different time by the second",
  "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000060.html",
  "sec:cpe": {
    "#text": "cpe:/a:shadan-kun:server_security_type",
    "@product": "Shadankun Server Security Type",
    "@vendor": "Cyber Security Cloud , Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
      "@version": "2.0"
    },
    {
      "@score": "5.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2020-000060",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN42665874/index.html",
      "@id": "JVN#42665874",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5622",
      "@id": "CVE-2020-5622",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5622",
      "@id": "CVE-2020-5622",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "\"Shadankun Server Security Type\" vulnerable to denial-of-service (DoS)"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.