CVE-2008-0127
published 2008-01-10
CVE-2008-0127: The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary…
Priority P3 · 52 · high · 8.8 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:C/A:C
EXPLOIT
EPSS 8.56% (94.4th percentile)
The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long initial authentication packet.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mcafee | e-business_server | <= 8.5.2 | — |
CVSS provenance
nvd · v2.0 · 8.8 · HIGH · AV:N/AC:M/Au:N/C:N/I:C/A:C
vendor_redhat · 5.8 · MEDIUM
GHSA
ghsa_unreviewed · 2022-05-01
CVE-2008-0127 [HIGH] CWE-119 GHSA-vv84-p762-v8xx: The administration interface in McAfee E-Business Server 8
Red Hat
m2crypto: OpenSSL incorrect checks for malformed signatures
vendor_redhat · 2009-01-11 · CVSS 5.8
CVE-2009-0127 [MEDIUM] m2crypto: OpenSSL incorrect checks for malformed signatures
M2Crypto does not properly check the return value from the OpenSSL EVP_VerifyFinal, DSA_verify, ECDSA_verify, DSA_do_verify, and ECDSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a Linux vendor disputes the relevance of this report to the M2Crypto product because "these functions are not used anywhere in m2crypto.
Statement: Red Hat does not consider this to be a security issue. M2Crypto provides python interfaces to multiple OpenSSL functions. Neither of those interfaces is further used by M2Crypto in an insecure way. Additionally, no application shipped in Red Hat Enterprise Linux is know
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/28408
http://securityreason.com/securityalert/3530
http://securitytracker.com/id?1019170
http://www.securityfocus.com/archive/1/485992/100/0/threaded
http://www.securityfocus.com/archive/1/486035/100/0/threaded
http://www.securityfocus.com/bid/27197
http://www.vupen.com/english/advisories/2008/0087
https://exchange.xforce.ibmcloud.com/vulnerabilities/39561
https://exchange.xforce.ibmcloud.com/vulnerabilities/39563
https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=614472&sliceId=SAL_Public&command=show&forward=nonthreadedKC&kcId=614472
https://www.exploit-db.com/exploits/4878
Published: 2008-01-10