VAR-200101-0071
Vulnerability from variot - Updated: 2023-12-18 12:47The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page. SonicWALL SOHO provides a secure internet connection for a network. SonicWALL SOHO is subject to a denial of service. This has been verified to last for up to 30 seconds until functionality resumes, although a restart of the service may be required in order to gain normal functionality. In addition, it has been verified that this vulnerability is exploitable by way of various malformed HTTP requests. This vulnerability may be the result of a buffer overflow, although not verified this could lead to the execution of arbitrary code on the target host. There is a vulnerability in the web server of the SonicWALL SOHO firewall
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200101-0071",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "soho firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "4.0.0"
},
{
"model": "soho firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "5.0.0"
},
{
"model": "soho",
"scope": "eq",
"trust": 0.3,
"vendor": "sonicwall",
"version": "5.0.0"
},
{
"model": "soho",
"scope": "eq",
"trust": 0.3,
"vendor": "sonicwall",
"version": "4.0.0"
}
],
"sources": [
{
"db": "BID",
"id": "2013"
},
{
"db": "NVD",
"id": "CVE-2000-1097"
},
{
"db": "CNNVD",
"id": "CNNVD-200101-095"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sonicwall:soho_firewall:4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sonicwall:soho_firewall:5.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2000-1097"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered and posted to Bugtraq by Raptor \u003craptor@0xdeadbeef.eu.org\u003e on Nov 29, 2000.",
"sources": [
{
"db": "BID",
"id": "2013"
}
],
"trust": 0.3
},
"cve": "CVE-2000-1097",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-2665",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2000-1097",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200101-095",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-2665",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-2665"
},
{
"db": "NVD",
"id": "CVE-2000-1097"
},
{
"db": "CNNVD",
"id": "CNNVD-200101-095"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page. SonicWALL SOHO provides a secure internet connection for a network. \nSonicWALL SOHO is subject to a denial of service. This has been verified to last for up to 30 seconds until functionality resumes, although a restart of the service may be required in order to gain normal functionality. In addition, it has been verified that this vulnerability is exploitable by way of various malformed HTTP requests. \nThis vulnerability may be the result of a buffer overflow, although not verified this could lead to the execution of arbitrary code on the target host. There is a vulnerability in the web server of the SonicWALL SOHO firewall",
"sources": [
{
"db": "NVD",
"id": "CVE-2000-1097"
},
{
"db": "BID",
"id": "2013"
},
{
"db": "VULHUB",
"id": "VHN-2665"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "2013",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "1667",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2000-1097",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200101-095",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20001201 FW: SONICWALL SOHO VULNERABILITY (FWD)",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20001129 DOS IN SONICWALL SOHO FIREWALL",
"trust": 0.6
},
{
"db": "XF",
"id": "5596",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-2665",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-2665"
},
{
"db": "BID",
"id": "2013"
},
{
"db": "NVD",
"id": "CVE-2000-1097"
},
{
"db": "CNNVD",
"id": "CNNVD-200101-095"
}
]
},
"id": "VAR-200101-0071",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-2665"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:47:37.209000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2000-1097"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/2013"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0406.html"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0435.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/1667"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5596"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/5596"
},
{
"trust": 0.3,
"url": "http://www.sonicwall.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-2665"
},
{
"db": "BID",
"id": "2013"
},
{
"db": "NVD",
"id": "CVE-2000-1097"
},
{
"db": "CNNVD",
"id": "CNNVD-200101-095"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-2665"
},
{
"db": "BID",
"id": "2013"
},
{
"db": "NVD",
"id": "CVE-2000-1097"
},
{
"db": "CNNVD",
"id": "CNNVD-200101-095"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-2665"
},
{
"date": "2000-11-29T00:00:00",
"db": "BID",
"id": "2013"
},
{
"date": "2001-01-09T05:00:00",
"db": "NVD",
"id": "CVE-2000-1097"
},
{
"date": "2001-01-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200101-095"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-2665"
},
{
"date": "2000-11-29T00:00:00",
"db": "BID",
"id": "2013"
},
{
"date": "2017-10-10T01:29:29.107000",
"db": "NVD",
"id": "CVE-2000-1097"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200101-095"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200101-095"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SonicWALL SOHO Service denial vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200101-095"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200101-095"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…