CVE-2008-1429
Published 2008-03-20
Priority P428 · high · 7.8 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:C
EPSS: 2.01% (78.4th percentile)
Secure Internet Live Conferencing (SILC) Server before 1.1.1 allows remote attackers to cause a denial of service (daemon crash) via a NEW_CLIENT packet without a nickname.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| silc | silc-server | <= 1.1 | — |
CVSS provenance
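| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
| vendor_redhat | — | 5.0 | MEDIUM | — |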
GHSA
GHSA-g564-j9mc-72m9: Secure Internet Live Conferencing (SILC) Server before 1
ghsa_unreviewed·2022-05-01
CVE-2008-1429 [HIGH] GHSA-g564-j9mc-72m9: Secure Internet Live Conferencing (SILC) Server before 1
Red Hat
JBossEAP status servlet info leak
vendor_redhat·2010-04-26·CVSS 5.0
CVE-2010-1429 [MEDIUM] JBossEAP status servlet info leak
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
No detection rules found.
Nuclei
Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure
nuclei·CVSS 5.0
CVE-2010-1429 [MEDIUM] Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure
Red Hat JBoss Enterprise Application Platform 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 is susceptible to sensitive information disclosure. A remote attacker can obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
Template:
```yaml
id: CVE-2010-1429
info:
  name: Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure
  author: R12W4N
  severity: medium
  description: |
    Red Hat JBoss Enterprise Application Platform 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 is susceptible to sensitive information disclosure. A remote attacker can obtain
```
References
- http://secunia.com/advisories/29459
- http://secunia.com/advisories/29946
- http://security.gentoo.org/glsa/glsa-200804-27.xml
- http://silcnet.org/docs/release/SILC%20Server%201.1.1
- http://www.securityfocus.com/bid/28450
- http://www.securitytracker.com/id?1019711
- http://www.vupen.com/english/advisories/2008/0919/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41307
Published: 2008-03-20