Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-2007

CWE-20Improper Input ValidationCWE-37722 documents6 sources
Severity
5.0MEDIUM
EPSS
58.5%
top 1.79%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Host Integration Server
Timeline
PublishedOct 12
Latest updateMay 14

Description

Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability."

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

3
GHSA
GHSA-xj4g-c5mp-4x9c: Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service ou2022-05-14
Kernel
namei: allow restricted O_CREAT of FIFOs and regular files2018-08-23
CVEList
CVE-2011-2007: Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service ou2011-10-12

💥Exploits & PoCs

14
Exploit-DB
Oracle - xdb.xdb_pitrig_pkg.PITRIG_DROPMETADATA procedure2011-11-07
Exploit-DB
Microsoft Excel 2007 - '.xlb' Local Buffer Overflow (MS11-021) (Metasploit)2011-11-05
Exploit-DB
SharePoint 2007/2010 and DotNetNuke < 6 - File Disclosure (via XEE)2011-09-20
Exploit-DB
DVD X Player 5.5 - '.plf' Playlist Buffer Overflow (Metasploit)2011-09-01
Exploit-DB
Oracle HTTP Server - Cross-Site Scripting Header Injection2011-06-13

📋Vendor Advisories

4
Red Hat
httpd: multiple ranges DoS2011-08-20
Red Hat
php-pear: symlink vulnerability in PEAR installer2010-11-14
Red Hat
glibc: fnmatch() alloca()-based memory corruption flaw2010-08-05
Red Hat
sysstat insecure temporary file usage2007-08-10
CVE-2011-2007 (MEDIUM CVSS 5) | Microsoft Host Integration Server ( | cvebase.io