[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-7705Date: (C)2017-08-09   (M)2024-02-01


The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 9.8CVSS Score : 7.5
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 5.9Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: HIGHAvailability: PARTIAL
Integrity: HIGH 
Availability: HIGH 
  
Reference:
SECTRACK-1033951
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp
http://www.securityfocus.com/archive/1/536737/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/536796/100/100/threaded
BID-77284
GLSA-201607-15
SUSE-SU-2016:1247
SUSE-SU-2016:1278
SUSE-SU-2016:1291
SUSE-SU-2016:1311
SUSE-SU-2016:1471
SUSE-SU-2016:1568
SUSE-SU-2016:1912
SUSE-SU-2016:2094
USN-2783-1
VU#718152
http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html
http://support.ntp.org/bin/view/Main/NtpBug2901
http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_4_2_8p4_Securit
https://bto.bluecoat.com/security-advisory/sa103
https://bugzilla.redhat.com/show_bug.cgi?id=1274184
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
https://eprint.iacr.org/2015/1020.pdf
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839
https://security.netapp.com/advisory/ntap-20171004-0001/
https://support.citrix.com/article/CTX220112
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016
https://www.cs.bu.edu/~goldbe/NTPattack.html
openSUSE-SU-2015:2016
openSUSE-SU-2016:1329
openSUSE-SU-2016:1423

CPE    7
cpe:/a:citrix:xenserver:6.0.2
cpe:/a:ntp:ntp
cpe:/a:citrix:xenserver:7.0
cpe:/a:ntp:ntp:4.2.8:p2
...
CWE    1
CWE-20
OVAL    8
oval:org.secpod.oval:def:89045466
oval:org.secpod.oval:def:400748
oval:org.secpod.oval:def:31662
oval:org.secpod.oval:def:52613
...

© SecPod Technologies