CVE-2006-0340
Published 2006-01-21
High 7.1 (CVSS 3.1)
AV:N/AC:M/Au:N/C:N/I:N/A:C
Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) support in Cisco IOS 12.0 through 12.4 running on various Cisco products, when SGBP is enabled, allows remote attackers on the local network to cause a denial of service (device hang and network traffic loss) via a crafted UDP packet to port 9900.
Affected
108 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ios | — | — |
Cisco
IOS Stack Group Bidding Protocol Crafted Packet DoS
vendor_cisco·2006-01-18
CVE-2006-0340 CWE-399
The Cisco IOS Stack Group Bidding Protocol (SGBP) feature in certain
versions of Cisco IOS software is vulnerable to a remotely-exploitable denial
of service condition. Devices that do not support or have not enabled the SGBP
protocol are not affected by this vulnerability.
Cisco has made free software available to address this vulnerability
for affected customers. There are workarounds available to mitigate the effects
of the vulnerability.
This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20060118-sgbp.
CWE: CWE-399
Bug IDs: CSCsb11124
GHSA
GHSA-7fvm-59m5-23qm: Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) support in Cisco IOS 12
ghsa_unreviewed·2022-05-01
CVE-2006-0340 [HIGH] CWE-20
Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) support in Cisco IOS 12.0 through 12.4 running on various Cisco products, when SGBP is enabled, allows remote attackers on the local network to cause a denial of service (device hang and network traffic loss) via a crafted UDP packet to port 9900.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195 CVE-2006-7196 CVE-2007-1858 CVE-2006-3835 CVE-2005-3510 CVE-2005-4838)
bugzilla·2007-04-30·CVSS 4.3
CVE-2005-2090 [MEDIUM]
A number of flaws affect the version of Tomcat5 shipped with RHAPS-EL3 (last
updated in RHSA-2006:0592 to 5.0.28). Please see linked bugs for details.
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2007-0340.html
Bugzilla
CVE-2006-7196 tomcat XSS in example webapps
bugzilla·2007-04-27·CVSS 4.3
CVE-2006-7196 [MEDIUM]
According to http://tomcat.apache.org/security-5.html
Fixed in Apache Tomcat 5.5.16
Cross-site scripting CVE-2006-7196
The calendar application included as part of the JSP examples is susceptible to
a cross-site scripting attack as it does not escape user provided data before
including it in the returned page.
Affects: 5.0.0-5.0.30, 5.5.0-5.5.15
Advisory text: "The calendar application in the JSP examples did not escape
displayed values. If the JSP examples are accessible, this flaw could allow a
remote attacker to perform cross-site scripting attacks. (CVE-2006-7196)"
Discussion:
This was addressed via:
Red Hat Application Server v2 4AS (RHSA-2007:0326)
Red Hat Application Server 3AS (RHSA-2007:0340)
Red Hat Network Satellite Server 5.0
http://secunia.com/advisories/18490
http://securityreason.com/securityalert/358
http://securitytracker.com/id?1015501
http://www.cisco.com/warp/public/707/cisco-sa-20060118-sgbp.shtml
http://www.osvdb.org/22624
http://www.securityfocus.com/bid/16303
http://www.vupen.com/english/advisories/2006/0248
https://exchange.xforce.ibmcloud.com/vulnerabilities/24182