CVE-2015-7705

CWE-20Improper Input ValidationCWE-119Buffer OverflowCWE-22Path TraversalCWE-264CWE-287Improper AuthenticationCWE-39910 documents9 sources
Severity
9.8CRITICAL
EPSS
31.0%
top 3.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
NTP NTPCitrix Xenserver
Timeline
PublishedAug 7
Latest updateMay 13

Description

The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDntp/ntp4.2.04.2.8+2
Debianntp< 1:4.2.8p4+dfsg-3
NVDcitrix/xenserver4 versions+3

🔴Vulnerability Details

3
GHSA
GHSA-xj8r-mpwc-m649: The rate limiting feature in NTP 42022-05-13
CVEList
CVE-2015-7705: The rate limiting feature in NTP 42017-08-07
OSV
CVE-2015-7705: The rate limiting feature in NTP 42017-08-07

📋Vendor Advisories

4
Ubuntu
NTP vulnerabilities2015-10-27
Cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 20152015-10-22
Red Hat
ntp: denial of service by trigerring rate limiting on NTP server2015-10-21
Debian
CVE-2015-7705: ntp - The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allo...2015

💬Community

2
Bugzilla
CVE-2015-7705 ntp: denial of service by trigerring rate limiting on NTP server [fedora-all]2016-01-06
Bugzilla
CVE-2015-7705 ntp: denial of service by trigerring rate limiting on NTP server2015-10-22
CVE-2015-7705 (CRITICAL CVSS 9.8) | The rate limiting feature in NTP 4. | cvebase.io